Anyone Can Become a White Hat Hacker…Continuous Security Vulnerability Reporting and Response System Introduced | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The government will pilot a white hat hacker system, allowing any citizen to identify and address security vulnerabilities in companies and public institutions.

The National Artificial Intelligence Strategy Committee, the Ministry of Science and ICT, the National Intelligence Service, and the Korea Internet & Security Agency (KISA) announced on May 28 that they will launch a pilot project for a security vulnerability reporting, response, and disclosure (CVD/VDP) system to build a robust security ecosystem.

Any South Korean national aged 19 or older can apply to become a white hat hacker, with no limit on the number of participants. However, since vulnerabilities may be discovered in actual operational networks, the government plans to establish policies that define which vulnerabilities can be explored and introduce safeguards such as mandatory ethics training and compliance agreements for applicants, in order to prevent side effects like personal data leaks.

Applications can be submitted on the website for two weeks, from May 29 to June 12. After participant training and approval procedures, successful applicants will be active for approximately five months from June onward. The final list of discovered vulnerabilities and corresponding actions will be released at the end of this year, and outstanding white hat hackers who uncover prominent vulnerabilities will receive certificates and a total prize pool of 20 million won.

This system is already widely implemented in the United States and Europe. In contrast, in Korea, only temporary penetration testing or quarterly vulnerability bug bounty programs have been run by some public institutions and corporations.

This pilot project aims to verify effectiveness ahead of a full-scale launch next year, while also increasing public awareness. In particular, with the rise of AI-based hacking threats due to Anthropic’s latest AI model ‘Mythos,’ the pilot initiative will also allow white hat hackers to conduct AI-powered hacking activities.

A total of 15 organizations, including seven private companies and eight public institutions, will participate in the pilot project. The private sector participants are LG Uplus, Nexon, NC, Toss Payments, Samsung Life, ESTsecurity, and INCA Internet. Participating public sector services include GukminAnjeon24 (Ministry of the Interior and Safety), Health Insurance Review & Assessment Service, Vaccination Helper (Korea Disease Control and Prevention Agency), KEPCO ON (Korea Electric Power Corporation), National Transport Information Center (Ministry of Land, Infrastructure and Transport), Cyber Inspection Center (Korea Transportation Safety Authority), Economic Statistics System (Bank of Korea), and Public Institution Recruitment Information System (Ministry of Economy and Finance).

Bae Kyunghoon, Deputy Prime Minister and Minister of Science and ICT, who also serves as Vice Chair of the AI Strategy Committee, stated, “In the AI era, security is a core foundation supporting the national economy and security. In order to counter the persistent AI-driven threats highlighted by the Mythos incident, it is essential to establish a practical and preemptive security system,” adding, “We will use this pilot project as a catalyst to successfully introduce and stabilize a continuous vulnerability reporting and response system, thereby actively contributing to the development of a secure ecosystem.”

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.