The Singapore Government has announced a new short-term bug bounty program to for external hackers to find vulnerabilities in nine key government-run websites.The bug bounty is being overseen by the Government Technology Agency of Singapore (GovTech) and the Cyber Security Agency of Singapore (CSA).The three week bug hunting program is limited to internet-facing systems and will focus on nine widely-used systems, including the GovTech-run SingPass and MyInfo websites for transacting with government agencies online; the Singapore Land Authority’s OneMap website and and mobile app; and the Monetary Authority of Singapore’s MASNET and MAS corporate websites used by financial institutions. Others include the Ministry of Education’s Parents Gateway; and the Ministry of Manpower’s SGWorkPass mobile and CheckWorkPass Status e-Service. Singapore kicked off its first government three week bug bounty in December 2018, offering pre-selected researchers awards of up to $10,000 per bug. The program helped resolve 26 bugs and total rewards to researchers of just under $12,000.Singapore’s Ministry of Defence (MINDEF) had run separate bug bounty in in early 2018 that produced 35 valid bug reports and a top individual prize of $2,000. As with the previous GovTech and CSA bug bounty programs, this new program will be managed by third-party bug bounty firm, HackerOne. Rewards range between US$250 to US$10,000. The program will run from July to August 2019, and GovTech intends to announce key findings in September 2019.HackerOne boasts that besides the Singapore Government, others nations’ agencies using it for bug bounties include the U.S. Department of Defense, U.S. General Service Administration, the UK’s NCSC, and the European Commission, which has an ongoing EU-FOSSA program targeting open source program.One beneficiary of the EC’s bug bounty was the project behind popular VLC media player, which in June released its biggest security update ever. But key VLC developers were left with mixed feelings about the program because it attracted both scammers and actually technically competent hackers who helped it resolve security bugs. Related content news AT&T suffers critical breach impacting 73 million customers Data released on the dark web impacts 7.6 million existing account holders and 65.4 million past subscribers. By Shweta Sharma 01 Apr 2024 4 mins Data Breach feature Recruit for diversity: Practical ways to remove bias from the hiring process Changing the wording on job descriptions and introducing a diverse hiring panel are some of the ways to remove bias when hiring cybersecurity professionals. By Aimee Chanthadavong 01 Apr 2024 8 mins Careers feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff 01 Apr 2024 17 mins Technology Industry IT Skills Events news Top cybersecurity product news of the week New product and service announcements from Bedrock Security, GitGuardian, Legit Security, Nametag, and Cybereason and Observe By CSO staff 29 Mar 2024 70 mins Generative AI Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe