Singapore Polytechnic (SP) has announced that in the partnership with Europe's leading bug bounty platform, YesWeHack, they have completed the first-ever bug-bounty event on Monday, September 2.
A bug-bounty program, which is also called a vulnerability rewards program (VRP), is a deal offered by many websites, organizations and software developers by which experts in the field can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
Such programs are a growing as industry's best practices, implemented by both public and private sector organizations across multiple sectors in Singapore.
The recent bug bounty event held by Singapore Polytechnic, the workshop brought more than 30 second- and third-year students from the Diploma in Infocomm Security Management back to school from their vacation as they learnt the ins and outs of bug-bounty hunting.
This workshop started with a bug bounty crash course led by BitK, a renowned French security researcher, bug hunter and Tech Ambassador at YesWeHack.
After equipping them with highly specialised bug hunting skills, he led students in a live experience to discover vulnerabilities and bugs in two selected applications. During the bug bounty hunt, the students found a total of nine critical vulnerabilities in the applications.
At the end of the workshop, one of the groups of SP students successfully penetrated and gained full admin rights to one of the applications.
Jonathan Tan, a third-year Infocomm Security Management student said, "I've had the opportunity to attend cybersecurity events like Capture-The-Flag competitions, which has allowed me to learn new things and further enhance my skills. Bug-bounty is very different, you're trying to exploit a real and live application."
It should be noted that while cyber attacks with extreme complexity are booming currently, bug bounty has been recognised by the Singapore Government as an initiative to strengthen collaboration with the cybersecurity community to safeguard systems and digital services.
Samson Yeow, Course Chair, Diploma of Infocomm Security Management, Singapore Polytechnic said in a statement: "We aim to equip our students with the latest knowledge and skills. We are confident that the bug-bounty session gave our Infocomm Security Management students an insight into the cybersecurity industry and we're exploring the inclusion of bug bounty programmes as part of the curriculum in the diploma course."