Suomi.fi security bug bounty program open — Rewards up to 30,000 €
Suomi.fi is a state run web service in Finland. The portal provides information and online access to public services from many government organizations. Population Register Centre, the body behind Suomi.fi has now organized a bug bounty program with rewards of up to 30,000 euros.
The bug bounty program invites professional and hobbyists interested in software security to conduct security research. In practise this community powered method invites external hackers to find security issues (bugs) in software. In the case of Suomi.fi, the target is the service in general, including the identity management API (Application Programming Interface).
Hackers looking to participate will need send a request for participation. Approved users agree to be bound by the terms of the program. The practicalities are handled by Hackrfi, a company that specializes in managing community driven vulnerability research and security testing. In addition to Suomi.fi, the Finnish tax authority is also running a bug bounty.
According to security director Pekka Ristimäki the Population Register Centre recognizes the potential that this approach has. At the same time skilled hackers can use their skills with permission, and can earn some income while doing it. The Suomi.fi bug bounty program is open from February to August 2018.
Hacking done within the bounds of the program does not compromise the security of the system. A wider penetration testing group enables wider range of testing and locating potential vulnerabilities in the Suomi.fi group of services. A rewards in this program range from 100€ to 30,000€, depending on the significance of the find.
Applications to the program are done on the Hackrfi site: https://www.hackr.fi/ohjelmat/suomifi.html
Currently all material is available in only Finnish, but Hackr does provide signups for in English as well.