Skip to Content

The Digital and Population Data Services Agency's bug bounty program expands to Suomi.fi Messages  

Publication date 13.2.2023 9.13 | Published in English on 13.2.2023 at 9.17
Press release

As of 13 February 2023, the Digital and Population Data Services Agency's bug bounty program will expand to cover Suomi.fi Messages. In the program, the Agency cooperates with white hat hackers to identify potential security deficiencies in the services. The bug bounty program will continue until 30 April 2023. 

‘At worst, the vulnerabilities of digital services lead to a successful data breach. It is very useful to carry out long-term communal testing, such as the bug bounty program, on services that are open to the Internet,’ says Pekka Ristimäki, Head of Information Security at the Digital and Population Data Services Agency.

Hacking during the program does not compromise the security of the systems. On the contrary, a large group of testers enables more extensive testing and efficient identification of potential vulnerabilities.

How does hacker collaboration work?

Professional and amateur hackers are invited to participate in the bug bounty program to carry out information security research on the services targeted by the program. The programs are communal vulnerability security tests in which external testers, i.e. hackers, are given the opportunity to test organisations’ digital services within the agreed principles and limitations.
‘We have engaged in similar cooperation with hackers in the past, and the experiences have been good. The bug bounty program complements our standard application testing. At the same time, talented hackers are given the opportunity to test their skills with permission and make some money on the side,’ says Pekka Ristimäki.

Hackers register for testing and commit to following the established rules. If vulnerabilities are found, the person who finds them will be paid a fee in proportion to the significance of the finding. The fees range between €100 and €30,000.

The bug bounty program is produced by Hackrfi Oy, a company specialising in the management of communal vulnerability coordination and information security testing. The Digital and Population Data Services Agency's bug bounty program takes place from 31 October 2022 to 30 April 2023. Participants will be invited on the basis of an application.

Read more about the Digital and Population Data Services Agency's bug bounty program and apply to it on the website of Hackrfi Oy: https://www.hackr.fi/ohjelmat/DVV-BB.html

Additional information

Digital and Population Data Services Agency, Head of Information Security Pekka Ristimäki, tel. +358 295 535 048, firstname.lastname[at]dvv.fi

On 31 October 2022, the Digital and Population Data Services Agency launched the bug bounty program, which looks for possible information security vulnerabilities in Suomi.fi services. The program tests the Suomi.fi Web Service as well as the Suomi.fi e-Identification, Suomi.fi e-Authorizations and Suomi.fi Messages interface.

Suomi.fi is an online service that collects public services and guidelines for people at different stages of their lives. You can also use Suomi.fi to check your own data in the registers of different authorities, receive official mail electronically and grant and request rights to act on behalf of another person or company. Suomi.fi is developed by the Digital and Population Data Services Agency.