[Asia Economy Reporter Song Seung-seop] The Financial Security Institute announced on the 3rd that it will implement a 'bug bounty' program that rewards individuals who discover vulnerabilities in the financial sector.
A bug bounty is a system that receives reports of new vulnerabilities in services and products, evaluates them, and then provides rewards. Since 2019, the Financial Security Institute has been the only organization operating such a program in the domestic financial sector. The purpose is to proactively identify and eliminate cybersecurity vulnerabilities to protect financial consumers and enhance service stability.
Initially, the program only dealt with vulnerabilities in internet banking security programs, but this year it has expanded to include mobile applications (apps) of financial companies. Eleven financial institutions are participating, including banks (K Bank, Kakao Bank), insurance companies (Hanwha General Insurance, MetLife Life Insurance, Heungkuk Fire & Marine Insurance, DGB Life Insurance), and electronic finance (Naver Financial). Detailed information about participating institutions and the scope of vulnerability reports will be provided additionally to participants.
The Financial Security Institute evaluates reported vulnerabilities and provides rewards of up to 10 million KRW depending on the severity level. The related information is promptly shared with financial companies and software developers, and support is provided for security patches and update development. Starting this year, the Institute will also offer preferential treatment to outstanding vulnerability reporters when applying for jobs.
Kim Cheol-woong, President of the Financial Security Institute, stated, “To maintain digital soundness, it is very important to identify and eliminate security vulnerabilities in advance,” and added, “We will encourage active participation from capable security experts such as white-hat hackers.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
