Quebec will pay pirates If they find “computer errors” in government systems, hoping to enhance security and discover weaknesses in their assets.
The Minister for Cyber and Digital Security, Eric Kaer, has launched a new Bug Bounty program, the first of its kind in Quebec and Canada.
The “secure” platform of the French company YesWeHack will be provided to people who specialize in exposing vulnerabilities in information security.
They will have access to certain computer assets to discover flaws that could compromise the data security of Quebecers.
“Every community on the planet has access to the programme,” the minister said.
This is currently a $94,000 pilot project. The first payment of $30,000 will be used to pay for the use of the platform and the rest of the prize pool will be used to pay for the rewards.
Up to $7,500 per mistake
A network is developed by the government, according to the severity of exposure to the detected defects.
For example, if the damage is low and the risk is low, the cute hacker will get $50.
However, if the damage is exceptional and the vulnerabilities are critical, he could receive up to $7,500 for his digital bravery.
The goal, however, is for the program to be permanent.
“The collaboration of the information security research community is essential in order to effectively combat cyber threats and cyber attacks,” Minister Kair said, noting that such an exercise would allow his government teams to “validate” the work done internally.
“This innovative approach will certainly provide greater firepower to quickly identify and fix potential weaknesses.”
To participate pirates They will have to identify and certify themselves, Mr. Kaer specifies.
Thus the public service can solve a serious employment problem, which is struggling to attract computer security experts due to unattractive salary conditions.
The experts will continue to work in the private sector, while helping the government in exchange for grants.
“Does it allow us to access a very high level of skill at a low cost,” says Eric Kayer.
According to Hackfest co-founder Patrick Matthews, the monetary incentive will motivate “researchers.”
“Above 5000 dollars is very good […] For the government, it’s a way to test projects without paying $200 or $300 an hour to consultants.”
- Listen to the interview with Patrick Matthew, Hackfest co-founder and computer security expert on QUB Radio:
Premiums according to the level of damage
- Little : between $50 And 500 dollars
- average: between $100 dollars And 1000 dollars
- average: between $150 And 1500 dollars
- critical: between $250 And 3000 Dollars
- exceptional: between $250 And 7500 dollars
Source: Ministry of Cyber and Digital Security
“Music guru. Incurable web practitioner. Thinker. Lifelong zombie junkie. Tv buff. Typical organizer. Evil beer scholar.”