Vulnerability Discovery Programme

Vulnerability Discovery Programme

Help keep the government's digital services secure with the Vulnerability Disclosure Programme

Vulnerability Disclosure Programme — help keep Government systems secure

  • VDP is a Singapore government program that crowdsources help from ethical hackers to find and report weaknesses in government websites.

  • Helps identify and fix vulnerabilities in government digital services to protect users.

  • Helps to protect millions of users who visit government websites daily.

  • Ethical hackers who report validated vulnerabilities are rewarded with reputation points on HackerOne and Credly badges featuring Jaga the cybersecurity hedgehog.

Cyber threats are increasingly becoming prevalent and sophisticated. With digital services provided by Singapore's government agencies collectively receiving millions of unique visits every day, there is a need to safeguard our users from potential risks.   

Just like maintaining security in the physical world, ensuring cybersecurity requires the vigilance of everyone. That is why we have rolled out the Vulnerability Disclosure Programme (VDP), an evergreen crowdsourcing platform that encourages the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and processes that may cripple the government's internet-accessible applications.

With VDP, you can play your role in upholding security in the digital world. Best of all, if you report a vulnerability that's later validated by our officers, you'll be rewarded with reputation points on HackerOne, a bug bounty platform! Earn reputation points to enjoy privileges such as invitations to private bug bounty programmes.

Why use VDP?

Be a conscientious web user
When you report vulnerabilities, you're protecting other users from damage, harm or loss.
Contribute to government's efforts
Strengthen the nation's overall reporting and in-depth testing capabilities.
Receive VDP swag
Collect Credly badges, which feature Jaga the cybersecurity hedgehog.

How do you make a vulnerability report?

  • Notice a vulnerability on a government website? Simply scroll to the bottom of the page and find the link "Report Vulnerability" in the footer

  • Access the VDP page to understand the Codes of Conduct, and what to expect.

  • Look out for the "Report" button and click on it to make your report.

How to collect Credly badges?

Report vulnerabilities in the SG government's digital services and earn badges via the Vulnerability Discovery Programme

  • Make a cybersecurity vulnerability report.

  • Once the report has been validated by our team, an email invitation to claim the badge will be sent to your official HackerOne email address. This will take about seven working days.

  • Register for a Credly account to manage the badges and your Credly profile page.

  • The badges can be published on your Facebook, Twitter, or LinkedIn account. Be proud of your achievements and contributions towards keeping Singapore cybersafe.

  • Each badge has a validity period of three years.

  • Collect them all!

Interested to find out more about VDP?

Visit the VDP page to learn more about it
Visit the VDP page to learn more about it
Go to page
Know how the VDP can improve? Become a Tech Kaki to share your ideas
Know how the VDP can improve? Become a Tech Kaki to share your ideas
Join Tech Kaki community

PREVIOUS

CrowdTaskSG

NEXT

Build for Good Hackathon