Hackers look for gaps in the information security of Suomi.fi services – cooperation enables more secure digital services The Digital and Population

Data Services Agency is starting a new cooperative program with white hat hackers. The aim of the bug bounty program, which starts today on 16 October 2023, is to discover information security vulnerabilities in services such as Suomi.fi. 

Pekka Ristimäki, Head of Information Security at the Digital and Population Data Services Agency, points out that cybercrime is growing constantly, with criminal attacks targeting various digital services more and more often. 

- Digital services play an important role in all of our lives, as they allow us to use everyday services easily whenever and wherever. Testing systems in cooperation with white hat hackers is an excellent way to develop digital services and test their security, says Ristimäki.

Hacker cooperation complements normal application testing 

A white hat hacker is a person who has permission to look for vulnerabilities in an information system. Bug bounty programs promote ethical and lawful conduct among people interested in hacking. 

Hackers invited to participate in bug bounty programs can be either professionals or hobbyists. They test the information security of the services included in the bug bounty program. In a bug bounty program, external testers, i.e. hackers, are given the opportunity to test organisations’ digital services within the agreed principles and limitations.

– With societal functions becoming increasingly digitalised at a fast pace, the reliability of information systems is more important than ever. This is now the third time we are cooperating with white hat hackers. We’ve had very good experiences with previous cooperation. The cooperation nicely complements our normal application testing and enables more efficient testing of digital services and the development of their security. At the same time, the bug bounty program gives talented hackers the opportunity to test their skills with permission and make some money on the side, says Pekka Ristimäki.

Hackers register for testing and commit to following the established rules. If vulnerabilities are found, the person who finds them will be paid a fee in proportion to the significance of the finding. The fees range between €100 and € 30,000.

The bug bounty program is produced by Hackrfi Oy, a company specialising in the management of communal vulnerability coordination and information security testing. The Digital and Population Data Services Agency’s bug bounty program will continue for a year, starting on 16 October 2023. People are invited to participate based on applications.

Read more about the Digital and Population Data Services Agency’s bug bounty program and apply to it on the Hackrfi Oy website: https://www.hackr.fi/ohjelmat/DVV-BB.html

Additional information

Digital and Population Data Services Agency, Head of Information Security Pekka Ristimäki, 
tel. +358 295 535 048, firstname.lastname[at]dvv.fi