On the 28th, the Financial Supervisory Service (FSS) announced that it will operate a focused bug bounty reporting period for three months until August to proactively respond to cyber threats between the Financial Security Institute and the financial sector.
A bug bounty is a system that rewards individuals who discover and report security vulnerabilities in software or websites after evaluation. Unlike traditional penetration testing, anyone can participate, and there is no limit on the number of participants, allowing many capable individuals to inspect information systems.
Recently, the financial sector has seen an increasing need to securely protect electronic financial infrastructure due to the sophistication and advancement of cyber threats. Hacking attempts have evolved alongside the adoption of new financial IT technologies and software, extending beyond 'known security vulnerabilities' to cyber attacks such as 'Zero-day Attacks.' A Zero-day Attack exploits security vulnerabilities that have not yet been disclosed or for which countermeasures have not been announced.
Twenty-one financial companies, including banks, securities firms, and insurance companies, are participating in this bug bounty program. Anyone who is a citizen of the Republic of Korea, including white-hat hackers, students, and the general public, can participate.
Reported vulnerabilities will be evaluated by expert committees, and rewards of up to 10 million KRW will be given. Vulnerabilities with high risk and significant impact will be promptly shared with all financial companies for remediation, and efforts will be made to register them with the Common Vulnerabilities and Exposures (CVE) system.
Lee Bok-hyun, Governor of the FSS, said, "The bug bounty is a new type of security capability enhancement program that can prepare us for increasingly sophisticated cyber threats. I hope this opportunity will serve as a turning point to further strengthen the security level of the financial sector."
The FSS and the Financial Security Institute plan to continue expanding the bug bounty program to create a safer financial environment. They also plan to review related measures, such as providing incentives during the 'vulnerability analysis and evaluation' process, to encourage more financial companies to participate.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
