Implementation of the Financial Sector Security Vulnerability Reporting Reward Program (Bug Bounty)
The Financial Supervisory Service announced on May 27 that, together with the Financial Security Institute, it will implement the "2025 Financial Sector Security Vulnerability Reporting Reward Program" (Bug Bounty).
The bug bounty program is a system designed to identify and address vulnerabilities in electronic financial services operated by financial companies, which cannot be detected through internal security checks alone, by leveraging the perspectives and collective intelligence of external participants such as white-hat hackers and students.
The Financial Supervisory Service explained that, as concerns over cyber risks have risen recently due to incidents both inside and outside the financial sector, it has actively encouraged more financial companies to participate in the bug bounty program to assess and strengthen their security capabilities. As a result, the number of participating financial companies has increased from 22 last year to 32 this year.
Participants in the vulnerability assessment, including white-hat hackers and students, will conduct white-hat hacking activities to discover vulnerabilities in the 32 designated financial companies over a three-month period until the end of August. Reported vulnerabilities will be evaluated by a panel of experts, and rewards of up to 10 million KRW will be granted.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
