The Vulnerability Rewards Program (VRP) combines the Government Bug Bounty Program (GBBP) and the Vulnerability Disclosure Program (VDP), which all operate in tandem with the govt’s own cybersecurity inspections.
“The three crowdsourced vulnerability discovery programs offer a blend of continuous reporting and seasonal in-depth testing capabilities that taps the larger community, in addition to routine penetration testing conducted by the Government,” said GovTech in a blog post.
The VRP is intended for ongoing testing of a number of Singapore’s most important e‐commerce services. This initially comprises Singpass and Corppass, client e-services for its mandatory healthcare, savings plan services, and pension, as well as a part of the systems that facilitate the granting of work permits for foreign individuals. GovTech stated that more ICT systems will be added to the project over time.
Singapore is known for enforcing regulations, earning it the not-so-ironic moniker “The Fine City” for the numerous fines it imposes on rule-breakers. This regime should keep the VRP from being abused.
Depending on the severity of the vulnerability, participants in the program might receive anywhere from $250 to $5000. A special prize of $150,000 can be awarded for a major vulnerability that has the potential to have a huge impact.
At a period when cybercrime is on the rise, Singapore wants to secure its Smart Nation initiative. Cybercrime is expected to account for 43% of all crime in Singapore by 2020, and assaults on authorities are seen as a dark and impending danger.
Singapore’s Smart Nation Sensor Platform compared the tropical nation’s vital interconnection to the sport of synchronized swimming in a blog post published on 1st August 2021. Singapore will need to secure each individual system from intrusion to an extent that other countries struggle to accomplish if it is to attain its aim of being a leading Smart Nation that avoids disruptive occurrences.
It’s hardly unexpected that the island city infrastructure states are being strengthened in this way, given that crowdsourcing and bug bounties have grown commonplace. Singapore’s central bank’s virtual currency initiatives were crowdsourced in June.
HackerOne has worked with governments before, most notably launching a month-long hacker vulnerability test in collaboration with the United Kingdom government.