Second Government Bug Bounty Programme Expanded to Cover More Systems and Digital Services

01 Jul 2019

The Government Technology Agency (GovTech) and Cyber Security Agency (CSA) of Singapore will be conducting the second Government Bug Bounty Programme (BBP) from July to August 2019. The inaugural Government BBP was conducted earlier this year where five Internet-facing government ICT systems and digital services were tested.

The second Government BBP, which will run for three weeks, will be expanded to cover nine Internet-facing government ICT systems and digital services with high user touchpoints: SingPass and MyInfo (GovTech); OneMap website and mobile (Singapore Land Authority); MASNET and MAS corporate website (Monetary Authority of Singapore); Parents Gateway (Ministry of Education); and SGWorkPass mobile and CheckWorkPass Status e-Service (Ministry of Manpower).

Similar to the inaugural Government BBP, participating ethical hackers – also known as ‘white hat’ hackers – will be required to register with the appointed bug bounty company, HackerOne. Registered/authorised hackers will receive rewards ranging from US$250 to US$10,000, depending on the severity of the discovered vulnerability. Discovered vulnerabilities are reported to the relevant organisation for remediation. Key findings will be shared in September 2019.

About 400 local and overseas ‘white hat’ hackers took part in the inaugural Government BBP. 26 vulnerabilities were uncovered and a total bounty payout of close to US$12,000 was awarded. The second Government BBP signals the Government’s continued commitment to work with the cybersecurity community and industry to strengthen and safeguard government ICT systems and digital services.


About Government Technology Agency
The Government Technology Agency of Singapore (GovTech) is the lead agency driving Singapore’s Smart Nation initiative and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Sensors & IoT, Digital Infrastructure, and Cybersecurity.  

GovTech supports public agencies to manage enterprise IT operations and develop new digital products for citizens and businesses. GovTech is the public sector lead for cybersecurity, and oversees key government ICT infrastructure, as well as regulates ICT procurement, data protection and security in the public sector.  GovTech is a Statutory Board under the Smart Nation and Digital Government Group (SNDGG) in the Prime Minister’s Office. 

For more information, please visit

About the Cyber Security Agency of Singapore
The Cyber Security Agency of Singapore (CSA) provides dedicated and centralised oversight of national cybersecurity functions, and works with sector leads to protect Singapore’s critical services. It also engages with various industries, and stakeholders to heighten cybersecurity awareness as well as to ensure the holistic development of Singapore’s cyber security landscape. The Agency is part of the Prime Minister’s Office and is managed by the Ministry of Communications and Information. 

For more information, please visit