Quebec will pay hackers if they find “computer bugs” on government systems, hoping to boost security and find vulnerabilities in its assets.
• Read also: State of the two bridges: Marchand says he trusts the government
The Minister of Cybersecurity and Digital, Éric Caire, is launching the new Bug Bounty Program, a first in Quebec and Canada.
The “secure” platform of the French firm YesWeHack will be made available to people who specialize in the detection of vulnerabilities in information security.
They will have access to certain computer assets to find flaws that can compromise the security of Quebecers’ data.
“The entire community of the planet has access to the program,” says the minister.
This is currently a $94,000 pilot project. A first tranche of $30,000 will be used to pay for the use of the platform and the rest of the kitty will be used to pay the bonuses.
Up to $7500 per bug
A grid has been developed by the government, according to the criticality of the vulnerability of the flaws discovered.
For example, if the harm is low and the dangerousness is low, the nice hacker will get $50.
However, if the damage is exceptional and the vulnerability is critical, he may receive up to $7,500 for his act of digital bravery.
The goal, however, is for the program to be permanent.
“The collaboration of the information security research community is essential in order to effectively combat cyber threats and cyber attacks,” said Minister Caire, indicating that such an exercise will allow his government teams to “validate” the work done in-house.
“This innovative approach will certainly provide greater firepower to identify potential vulnerabilities and fix them quickly. »
To participate, hackers will need to identify and authenticate themselves, says Mr. Caire.
Outside help
The civil service could thus solve a serious recruitment problem, which is struggling to attract computer security experts because of unattractive salary conditions.
Experts will continue to work in the private sector, while helping the government in exchange for bounties.
“Does it allow us to have access to a very high level of skill at low cost, the answer is: most certainly, yes”, says Éric Caire.
According to Hackfest co-founder Patrick Mathieu, the monetary incentive will motivate “researchers”.
“Above $5,000 is very good […] For the government, it’s a way of testing projects without paying consultants at $200 or $300 an hour,” he says. -he.
Source: Ministry of Cybersecurity and Digital
1