Buy CryptoMarketsSpotFuturesGOLDEarnEvent Center
More
USD1 Genesis
The institution of the Safe Harbor Policy and Bug Bounty Program should be a welcome note for those with the right set of skills, as it tries to incentivize responsibleThe institution of the Safe Harbor Policy and Bug Bounty Program should be a welcome note for those with the right set of skills, as it tries to incentivize responsible

[Tech Thoughts] DICT’s bug bounties and ethical hacking at a glance

Author: Rappler
Source: Rappler
2026/01/31 12:00
6 min read
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

The Department of Information and Communications Technology on January 14 released department circular HRA-002, which laid down the revised and consolidated guidelines, rules, and regulations on vulnerability disclosures and the country’s safe harbor policy and bug bounty program.

DICT Secretary Henry Aguda even went to the Rootcon hacking conference last year for the purpose of advertising this development, saying that the country’s hackers should be using their skills “to protect, not to destroy.”

To that end, the institution of the Safe Harbor Policy and Bug Bounty Program (SHPBBP) should be a welcome note for those with the right set of skills, as it tries to incentivize responsible cybersecurity disclosures for government services.

Let’s look at what this all means, especially if you haven’t heard of this development.

Ethical hackers, bug bounties, and safe harbor policies

Ethical hacking is the process by which a cybersecurity professional, also known as a white-hat hacker, identifies and helps fix vulnerabilities in apps, systems, or technologies before that vulnerability can be used maliciously by an unethical, or black-hat, hacker.

As such, ethical hacking simulates real-world cyberattacks to assess a system’s risks so the given systems can be improved upon or otherwise strengthened in security.

To make ethical hacking rewarding for white-hat hackers, bug bounty programs are organizational structures set up to assess and offer financial compensation for the work of uncovering and responsibly turning over vulnerabilities to the people developing the systems that have been hacked. This is so the security of said systems can be improved upon.

Bug bounty programs often come with protections for hackers to do their work.

These safe harbor policies are designed to protect white-hat hackers or security researchers from administrative, civil, or criminal liability should they find something in the process of hunting down bugs, so long as they properly disclose their research according to the specifics of a given bug bounty program.

What is DICT’s SHPBBP circular about?

The SHPBBP of the DICT outlines the protections and requirements needed to participate in the DICT’s bug bounty program.

Now, you might be wondering then if anyone can participate in a bug bounty.

For the purposes of the DICT’s circular, you have to, at the very least, be a professional cybersecurity researcher to participate. You also have to register yourself under a Know Your Contributor (KYC) procedure to even be eligible to get rewarded from a bug bounty.

Specifically though, the circular said it applies to the following:

  • All national government agencies under the Executive Branch, including Government-Owned and -Controlled Corporations and their subsidiaries, Government Financial Institutions, and State Universities and Colleges, including those under the *.gov.ph domain and DICT-managed platforms;
  • The Philippine Congress, the Judiciary, Independent Constitutional Commissions, the Office of the Ombudsman, and Local Government Units are highly encouraged to adopt this Circular;
  • Private entities voluntarily enrolled under the DICT’s Public-Private Cybersecurity Partnership Program;
  • Critical Information Infrastructure (CII) operators, as identified under the National Cybersecurity Plan (NCSP); and
  • Cybersecurity Researchers that are responsible for identifying and analyzing potential threats to an organization’s network and systems.

Safe harbor protections will only apply, meanwhile, if you’re a security researcher who is testing only the systems declared within the scope of bug bounties; you do not commit any sort of unauthorized data exfiltration, alteration, or service disruption; you report vulnerabilities responsibly and privately to the DICT or the authorized entity; and you keep your findings private and do not disclose them until such time as the issue you’ve found has been resolved or you’ve been permitted to discuss it publicly.

How does it all work?

You may be curious how this works in practice, so here’s how it would generally play out.

A security researcher applies to join the DICT’s initiative through the Know Your Customer procedure mentioned above. They have to complete the entire process and be accepted to be eligible for cash rewards. Conflicts of interest — for instance, DICT personnel and third-party service providers engaged by the DICT — disqualify potential applicants from participating in these bug bounties.

The bug bounty program will have its bounties set by participating entities, namely the government agencies needing help, or government partners who want to set a bounty of their own. Funding to make this circular work “shall be charged against the existing budget of the covered agency or institution, and such other appropriate funding sources as the Department of Budget and Management may identify, subject to relevant laws, rules, and regulations.”

These bounties — including what sites or services and what aspects of those said sites and services are in need of testing — are listed on a vulnerability disclosure program portal (VDPP), a website dedicated to hunting the bugs and reporting them. This is hosted and maintained by the DICT’s cybersecurity bureau.

Bugs and issues properly reported to the VDPP can fall under four possible security scenarios ranging from Critical, High, Medium, and Low, with potential payouts based on industry rates depending on the reports and their severity.

The DICT’s cybersecurity bureau will validate the reports, and will give those with validated reports “appropriate certificate/recognition for the researcher’s contribution in reporting and/or
resolution of the validated vulnerability.” Private sector participating entities, after coordinating with the DICT cybersecurity bureau, may give appropriate monetary rewards or incentives based on the structured incentive mechanisms outlined in the VDPP.

Aside from monetary rewards, there is also the standing involved as responsible disclosures get some time in the government spotlight. Rewards include digital and printed certificates, public acknowledgment on the VDPP, and Inclusion in other DICT citations, as per the circular.

A much-needed development

A national bug bounty program with defined rules for engaging in the process is good news and a much-needed development in the cybersecurity space, as it should help incentivize ethical hacking in the long-run while improving government systems in the now.

If you’re a burgeoning cybersecurity professional, this can be a good way into the industry, so long as you know what you’re doing and do the work required for responsible disclosures.

Check out the circular linked here for details and get involved. You could be helping to improve government security from some bad people. – Rappler.com

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#DeFi

You May Also Like

BCH Technical Analysis Apr 8

BCH Technical Analysis Apr 8

The post BCH Technical Analysis Apr 8 appeared on BitcoinEthereumNews.com. BCH’s 24-hour trading volume is running below recent averages at 110.17 million dollars
Share
BitcoinEthereumNews2026/04/08 13:44
Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025

BitcoinWorld Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 Are you ready to witness a phenomenon? The world of technology is abuzz with the incredible rise of Lovable AI, a startup that’s not just breaking records but rewriting the rulebook for rapid growth. Imagine creating powerful apps and websites just by speaking to an AI – that’s the magic Lovable brings to the masses. This groundbreaking approach has propelled the company into the spotlight, making it one of the fastest-growing software firms in history. And now, the visionary behind this sensation, co-founder and CEO Anton Osika, is set to share his invaluable insights on the Disrupt Stage at the highly anticipated Bitcoin World Disrupt 2025. If you’re a founder, investor, or tech enthusiast eager to understand the future of innovation, this is an event you cannot afford to miss. Lovable AI’s Meteoric Ascent: Redefining Software Creation In an era where digital transformation is paramount, Lovable AI has emerged as a true game-changer. Its core premise is deceptively simple yet profoundly impactful: democratize software creation. By enabling anyone to build applications and websites through intuitive AI conversations, Lovable is empowering the vast majority of individuals who lack coding skills to transform their ideas into tangible digital products. This mission has resonated globally, leading to unprecedented momentum. The numbers speak for themselves: Achieved an astonishing $100 million Annual Recurring Revenue (ARR) in less than a year. Successfully raised a $200 million Series A funding round, valuing the company at $1.8 billion, led by industry giant Accel. Is currently fielding unsolicited investor offers, pushing its valuation towards an incredible $4 billion. As industry reports suggest, investors are unequivocally “loving Lovable,” and it’s clear why. This isn’t just about impressive financial metrics; it’s about a company that has tapped into a fundamental need, offering a solution that is both innovative and accessible. The rapid scaling of Lovable AI provides a compelling case study for any entrepreneur aiming for similar exponential growth. The Visionary Behind the Hype: Anton Osika’s Journey to Innovation Every groundbreaking company has a driving force, and for Lovable, that force is co-founder and CEO Anton Osika. His journey is as fascinating as his company’s success. A physicist by training, Osika previously contributed to the cutting-edge research at CERN, the European Organization for Nuclear Research. This deep technical background, combined with his entrepreneurial spirit, has been instrumental in Lovable’s rapid ascent. Before Lovable, he honed his skills as a co-founder of Depict.ai and a Founding Engineer at Sana. Based in Stockholm, Osika has masterfully steered Lovable from a nascent idea to a global phenomenon in record time. His leadership embodies a unique blend of profound technical understanding and a keen, consumer-first vision. At Bitcoin World Disrupt 2025, attendees will have the rare opportunity to hear directly from Osika about what it truly takes to build a brand that not only scales at an incredible pace in a fiercely competitive market but also adeptly manages the intense cultural conversations that inevitably accompany such swift and significant success. His insights will be crucial for anyone looking to understand the dynamics of high-growth tech leadership. Unpacking Consumer Tech Innovation at Bitcoin World Disrupt 2025 The 20th anniversary of Bitcoin World is set to be marked by a truly special event: Bitcoin World Disrupt 2025. From October 27–29, Moscone West in San Francisco will transform into the epicenter of innovation, gathering over 10,000 founders, investors, and tech leaders. It’s the ideal platform to explore the future of consumer tech innovation, and Anton Osika’s presence on the Disrupt Stage is a highlight. His session will delve into how Lovable is not just participating in but actively shaping the next wave of consumer-facing technologies. Why is this session particularly relevant for those interested in the future of consumer experiences? Osika’s discussion will go beyond the superficial, offering a deep dive into the strategies that have allowed Lovable to carve out a unique category in a market long thought to be saturated. Attendees will gain a front-row seat to understanding how to identify unmet consumer needs, leverage advanced AI to meet those needs, and build a product that captivates users globally. The event itself promises a rich tapestry of ideas and networking opportunities: For Founders: Sharpen your pitch and connect with potential investors. For Investors: Discover the next breakout startup poised for massive growth. For Innovators: Claim your spot at the forefront of technological advancements. The insights shared regarding consumer tech innovation at this event will be invaluable for anyone looking to navigate the complexities and capitalize on the opportunities within this dynamic sector. Mastering Startup Growth Strategies: A Blueprint for the Future Lovable’s journey isn’t just another startup success story; it’s a meticulously crafted blueprint for effective startup growth strategies in the modern era. Anton Osika’s experience offers a rare glimpse into the practicalities of scaling a business at breakneck speed while maintaining product integrity and managing external pressures. For entrepreneurs and aspiring tech leaders, his talk will serve as a masterclass in several critical areas: Strategy Focus Key Takeaways from Lovable’s Journey Rapid Scaling How to build infrastructure and teams that support exponential user and revenue growth without compromising quality. Product-Market Fit Identifying a significant, underserved market (the 99% who can’t code) and developing a truly innovative solution (AI-powered app creation). Investor Relations Balancing intense investor interest and pressure with a steadfast focus on product development and long-term vision. Category Creation Carving out an entirely new niche by democratizing complex technologies, rather than competing in existing crowded markets. Understanding these startup growth strategies is essential for anyone aiming to build a resilient and impactful consumer experience. Osika’s session will provide actionable insights into how to replicate elements of Lovable’s success, offering guidance on navigating challenges from product development to market penetration and investor management. Conclusion: Seize the Future of Tech The story of Lovable, under the astute leadership of Anton Osika, is a testament to the power of innovative ideas meeting flawless execution. Their remarkable journey from concept to a multi-billion-dollar valuation in record time is a compelling narrative for anyone interested in the future of technology. By democratizing software creation through Lovable AI, they are not just building a company; they are fostering a new generation of creators. His appearance at Bitcoin World Disrupt 2025 is an unmissable opportunity to gain direct insights from a leader who is truly shaping the landscape of consumer tech innovation. Don’t miss this chance to learn about cutting-edge startup growth strategies and secure your front-row seat to the future. Register now and save up to $668 before Regular Bird rates end on September 26. To learn more about the latest AI market trends, explore our article on key developments shaping AI features. This post Lovable AI’s Astonishing Rise: Anton Osika Reveals Startup Secrets at Bitcoin World Disrupt 2025 first appeared on BitcoinWorld.
Share
Coinstats2025/09/17 23:40
How to Check Your SASSA SRD Grant Status in 2025 (Complete Guide for Applicants)

How to Check Your SASSA SRD Grant Status in 2025 (Complete Guide for Applicants)

The Social Relief of Distress (SRD) grant has become a vital financial support system for millions of South Africans. Managed by the South African Social Security
Share
Techbullion2026/04/08 13:08

Trending News

More

Adoption Leads Traders to Snorter Token

Morph Industry Report Challenges Stablecoin Myths, Outlines 8 Predictions Through 2030

XRP price analysis: Ripple-linked token jumps 5% on bitcoin strength

Silver Forecast: XAG/USD bulls await breakout above 200-EMA on H4

HDFC Bank Shares Rise Amid Action Against More Executives

24/7 Live News

More

ZEC breaks $300 resistance, indicating bullish momentum and potential uptrend toward $400 target.

Author: Nehal14:56

Iran and Oman impose tolls on Hormuz Strait ships during ceasefire, funds allocated for reconstruction.

Author: Nehal14:13

Ethereum spot ETFs saw $64.7M outflow; BlackRock clients sold $16.5M ETH on April 7.

Author: DustyBC Crypto14:11

Bitcoin spot ETFs saw $159.1M outflow; BlackRock clients sold $17.1M BTC on April 7. Market sentiment cautious.

Author: DustyBC Crypto13:53

BRISE ranks first among trending coins, indicating increased market attention and potential activity.

Author: Nehal13:50

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$71,701.25
$71,701.25$71,701.25

+5.19%

Ethereum Logo

Ethereum

ETH

$2,245.50
$2,245.50$2,245.50

+7.92%

Solana Logo

Solana

SOL

$84.49
$84.49$84.49

+7.12%

XRP Logo

XRP

XRP

$1.3800
$1.3800$1.3800

+6.32%

USDCoin Logo

USDCoin

USDC

$1.0000
$1.0000$1.0000

0.00%

$30,000 in PRL + 15,000 USDT

$30,000 in PRL + 15,000 USDT$30,000 in PRL + 15,000 USDT

Deposit & trade PRL to boost your rewards!