Reward for Discovering Financial Institution Security Vulnerabilities: 'Bug Bounty' Intensive Reporting Period Starting Next Month
- Input
- 2025-05-27 08:32:55
- Updated
- 2025-05-27 08:32:55
[Financial News] The Financial Supervisory Service and the Financial Security Institute announced on the 27th that they will operate an intensive reporting period for the financial sector 'bug bounty' (security vulnerability reporting reward system) from June to August to proactively respond to cyber threats.
Bug bounty is a system where if white hackers or students discover and report vulnerabilities that cannot be found through internal security checks alone on websites, mobile apps, and home trading systems (HTS) operated by financial companies, they are evaluated and rewarded.
In the recent financial IT environment, where the introduction of new technologies such as artificial intelligence (AI), cloud computing, and open software is active, it is expected to play a significant role in the early detection and handling of new vulnerabilities such as zero-day attacks (hacking methods that exploit security vulnerabilities that have not yet been announced or for which countermeasures have not been announced).
In response to the heightened concerns about cyber threats both inside and outside the financial sector, financial authorities have actively encouraged more financial companies to check their security capabilities. As a result, a total of 32 financial companies, including banks, securities firms, and insurance companies, participated as targets for vulnerability detection. This is an increase of 10 companies compared to last year.
Anyone residing domestically or internationally who is a citizen of the Republic of Korea, including white hackers, students, and the general public, can apply to participate, write a vulnerability report, and submit it via email.
Regarding the reported vulnerabilities, a reward of up to 10 million won will be given after evaluation by expert committees on importance and impact from September to November. Outstanding vulnerability reporters will be given preferential treatment when applying for jobs at the Financial Security Institute.
The Financial Supervisory Service and the Financial Security Institute plan to continue expanding and promoting the bug bounty while considering providing incentives to encourage more hackers to participate.
sjmary@fnnews.com Seo Hye-jin Reporter