Vulnerability Discovery Programme
Help keep the government's digital services secure with the Vulnerability Disclosure Programme
-
VDP is a Singapore government program that crowdsources help from ethical hackers to find and report weaknesses in government websites.
-
Helps identify and fix vulnerabilities in government digital services to protect users.
-
Helps to protect millions of users who visit government websites daily.
-
Ethical hackers who report validated vulnerabilities are rewarded with Credly badges featuring Jaga the cybersecurity hedgehog.
Cyber threats are increasingly becoming prevalent and sophisticated. With digital services provided by Singapore's government agencies collectively receiving millions of unique visits every day, there is a need to safeguard our users from potential risks.
Just like maintaining security in the physical world, ensuring cybersecurity requires the vigilance of everyone. That is why we have rolled out the Vulnerability Disclosure Programme (VDP), an evergreen crowdsourcing platform that encourages the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and processes that may cripple the government's internet-accessible applications.
Why use VDP?
How do you make a vulnerability report?
-
Notice a vulnerability on a government website? Simply scroll to the bottom of the page and find the link "Report Vulnerability" in the footer
-
Access the VDP page to understand the Codes of Conduct, and what to expect.
-
Look out for the "Report" button and click on it to make your report.
How to collect Credly badges?
-
Make a cybersecurity vulnerability report.
-
Once the report has been validated by our team, an email invitation to claim the badge will be sent to your official YesWeHack email address. This will take about seven working days.
-
Register for a Credly account to manage the badges and your Credly profile page.
-
The badges can be published on your Facebook, Twitter, or LinkedIn account. Be proud of your achievements and contributions towards keeping Singapore cybersafe.
-
Each badge has a validity period of three years.
-
Collect them all!