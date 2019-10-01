Unlike their malicious counterparts, white hat (or ethical) hackers use their skills to help companies test their online security. The New Paper

Singapore’s cybersecurity agency (CSA) doled out over US$25,000 (S$35,940) to white hat hackers worldwide on Tuesday (Oct 1) as thanks for finding various bugs in Government systems that could result in sensitive data being leaked.

Unlike their malicious counterparts, white hat (or ethical) hackers use their skills to help companies test their online security.

Some 300 white hat hackers were recruited under a Government bug bounty programme organised by CSA, Singapore’s Government Technology Agency (GovTech) and HackerOne, a US-based bug bounty company, to scour nine Government systems for bugs between July 8 and 28, HackerOne said in a statement.

To participate, the hackers had to be registered and have their credentials checked. They also had to sign an agreement not to leak information about any vulnerabilities they found, The Straits Times previously reported.

They found 31 bugs, four of high severity and 27 of medium or low severity.

One-quarter of participating hackers were Singaporean, with the top hacker – a 24-year-old Singaporean known as “spaceraccoon” – single-handedly finding nine bugs, for which the Government paid US$8,500 (S$11,775).

Seven of the top 10 hackers were from Singapore, HackerOne added.

A earlier round of the bug bounty programme in March yielded 26 bugs, one of high severity, for which the Government paid US$11,000.

A third round will be organised next month.

HackerOne’s GovTech programme manager Fifi Handayani, said the Singapore Government saw value in maximising hacker engagement, and it is an Apac leader in using hacker-powered security solutions.

