Students and faculty engage in real-world cybersecurity training while earning bounties and safeguarding their universities from cyber attacks.

In Singapore, where money is involved, hackers will be motivated. The allure of monetary compensation to attract hacking interest is behind the inaugural Inter-University (InterUni) Bug Bounty Challenge jointly organized by the National University of Singapore (NUS) and Singapore Management University (SMU) in partnership with bug bounty firm HackerOne.

Bug bounty programs incentivize non-malicious (‘ethical’) hackers to look for software vulnerabilities or bugs in exchange for monetary rewards or ‘bounties.’ This year, the three-week InterUni hacking challenge was held from 12 August 2020 to 2 September 2020. More than 200 participated, testing a total of 18 critical systems and digital assets, three of which are mobile based.

Overall, 33 valid vulnerabilities were uncovered by participants, earning US$13,700 for their findings, nearly triple the amount earned in NUS’ initial bug bounty challenge last year. Participating students were also eligible to earn extra academic credits for select course modules on the completion of the training sessions. 

Said NUS’s Chief Information Technology Officer, Tommy Hor: “Results of the InterUni Bug Bounty Challenge 2020 have again exceeded expectations. Extending the participation to other universities was a natural progression of our aim to continue driving cybersecurity innovation within the local higher education community. We were able to build upon last year’s challenge and make this an inclusive exercise for students and faculty at both universities.” 

Invaluable exposure

SMU’s Chief Information Officer mirrored the sentiment: “There is no better way for students to learn than to find security bugs in the real world. The (program) allowed us to extend security testing to include those who use our technology most. Providing this opportunity for our students and faculty to build practical cybersecurity skills also helped us reduce real organizational risk.” 

The top winner of program, Ngo Wei Lin, said it helped to build up cybersecurity skills and put them to good use on real world systems. “It was commendable that the university made available real-life systems for this program. I won big not because of the cash award but the invaluable real-life experience I have gained,” said the Year 3 student at the NUS School of Computing.

This is the third time HackerOne has partnered with a major university to empower students to secure their school. In 2017, the University of Berkeley in the US had enrolled in an experimental ‘cyberwar’ course to train future cybersecurity leaders and build a safer internet—a goal which the firm believes in.

NUS and SMU plan to make the InterUni Bug Bounty Challenge an annual event.