On the 26th, the Financial Security Institute announced that it will implement the "2026 Financial Sector Software (SW) Security Vulnerability Reporting Reward Program" to proactively identify vulnerabilities in software commonly used across the financial sector. Under this program, anyone in the country can participate as a "white-hat hacker" and report vulnerabilities in software used by financial companies or distributed to financial consumers.
Starting this year, applications to participate and submissions of vulnerability reports will be centralized and managed through the "Financial Sector Software Supply Chain Security Platform (SSCS)," which was launched in February. The Financial Security Institute explained that, in light of incidents such as the React2Shell case, where supply chain vulnerabilities can have simultaneous and widespread impacts across the entire financial sector, vulnerabilities in commonly used software (including solutions) will be accepted on a rolling basis throughout the year.
In particular, to systematize the response to identified vulnerabilities, the institute will also expand "joint-operation" agreements with vendors that supply software to the financial sector. Four companies participated last year, and with one additional company joining this year, the institute is now jointly operating the program with a total of five companies: Hunession, Genians, Secuve, Jiransoft, and Tertian. However, it noted that, regardless of whether a vendor participates in joint operation, vulnerabilities in software and solutions that could affect the financial sector can be reported at any time.
Rewards of up to 10 million won will be paid, depending on the severity of the vulnerability. For cases that are highly critical and have significant impact, the institute will also seek to grant CVE credits under the international vulnerability identification system. Outstanding reporters will receive incentives such as preferential treatment when applying for positions at the Financial Security Institute and being listed in the "Vulnerability Discovery Hall of Fame." Park Sangwon, President of the Financial Security Institute, said, "As security threats increase and the speed of attacks accelerates, the importance of proactively identifying vulnerabilities by leveraging white-hat hackers is growing," adding, "By linking the Financial Sector Software Supply Chain Security Platform with the vulnerability reporting system, we will systematically support the entire vulnerability management process, from discovery to coordination, mitigation, and information sharing."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
