Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Government Technology Agency (GovTech)
  1. Home
  2. Products and services
  3. For citizens
  4. Crowdsourcing
  5. Vulnerability Discovery Programme

Vulnerability Discovery Programme

Explore the Vulnerability Disclosure Programme allowing citizens to report cyber threats and contribute to secure government services.

Last updated 28 April 2025

On this page

Help keep the government's digital services secure with the Vulnerability Disclosure Programme
Why use VDP?
How do you make a vulnerability report?
How to collect Credly badges?
Interested to find out more about VDP?

Help keep the government's digital services secure with the Vulnerability Disclosure Programme

Vulnerability Disclosure Programme — help keep Government systems secure

  • VDP is a Singapore government program that crowdsources help from ethical hackers to find and report weaknesses in government websites.

  • Helps identify and fix vulnerabilities in government digital services to protect users.

  • Helps to protect millions of users who visit government websites daily.

  • Ethical hackers who report validated vulnerabilities are rewarded with Credly badges featuring Jaga the cybersecurity hedgehog.

Cyber threats are increasingly becoming prevalent and sophisticated. With digital services provided by Singapore's government agencies collectively receiving millions of unique visits every day, there is a need to safeguard our users from potential risks.   

Just like maintaining security in the physical world, ensuring cybersecurity requires the vigilance of everyone. That is why we have rolled out the Vulnerability Disclosure Programme (VDP), an evergreen crowdsourcing platform that encourages the responsible reporting of suspected vulnerabilities or weaknesses in IT services, systems, resources and processes that may cripple the government's internet-accessible applications.

Why use VDP?

Be a conscientious web user

When you report vulnerabilities, you're protecting other users from damage, harm or loss.

Contribute to government's efforts

Strengthen the nation's overall reporting and in-depth testing capabilities.

Receive VDP swag

Collect Credly badges, which feature Jaga the cybersecurity hedgehog.

How do you make a vulnerability report?

  • Notice a vulnerability on a government website? Simply scroll to the bottom of the page and find the link "Report Vulnerability" in the footer

  • Access the VDP page to understand the Codes of Conduct, and what to expect.

  • Look out for the "Report" button and click on it to make your report.

How to collect Credly badges?

Report vulnerabilities in the SG government's digital services and earn badges via the Vulnerability Discovery Programme

  • Make a cybersecurity vulnerability report.

  • Once the report has been validated by our team, an email invitation to claim the badge will be sent to your official YesWeHack email address. This will take about seven working days.

  • Register for a Credly account to manage the badges and your Credly profile page.

  • The badges can be published on your Facebook, Twitter, or LinkedIn account. Be proud of your achievements and contributions towards keeping Singapore cybersafe.

  • Each badge has a validity period of three years.

  • Collect them all!

Interested to find out more about VDP?

Visit the VDP page to learn more about it

Visit the VDP page to learn more about it

Know how the VDP can improve? Become a Tech Kaki to share your ideas

Know how the VDP can improve? Become a Tech Kaki to share your ideas