.png){kind=logo}
2 months ago
31
Upgrade to High-Speed Internet for only ₱1499/month!
Enjoy up to 100 Mbps fiber broadband, perfect for browsing, streaming, and gaming.
Visit Suniway.ph to learn
Elijah Felice Rosales - The Philippine Star
January 24, 2026 | 12:00am
White hat hackers are cybersecurity professionals who use their hacking skills ethically to identify and report security vulnerabilities.
STAR / File
MANILA, Philippines — The Department of Information and Communications Technology (DICT) will employ the services of white hat hackers, also known as ethical hackers, for its Safe Harbor Policy and Bug Bounty Program (SHPBBP), where they will be tasked to infiltrate the digital systems of government agencies to point out security risks and weak spots.
White hat hackers are cybersecurity professionals who use their hacking skills ethically to identify and report security vulnerabilities. Unlike malicious hackers, white hats help organizations strengthen their defenses by exposing weaknesses before they can be exploited.
Under DICT’s Department Circular HRA-002, the agency issued a framework where ethical hackers would be immune from lawsuits if they manage to breach the digital systems of a public or private agency.
However, they have to comply with the parameters set by the DICT, particularly testing only on declared platforms. Further, they are prohibited from altering or removing data and disrupting the delivery of services.
On top of this, they are directed to report the vulnerabilities privately to the DICT, and no public disclosure could be made prior to resolution. Violating any of these provisions lifts the immunity to lawsuits and the right to be paid.
The DICT divided the SHPBBP into two: the private program, which is limited to a select group of experts; and the public program, which is an open invitation to cybersecurity researchers.
The recognition and rewards to be granted will be based on the level of vulnerabilities identified, with critical cases like a full system compromise bearing the highest prizes from the DICT.
The agency is requiring participants to submit requirements, including signing an agreement that affirms good faith and regulatory compliance, before taking part in the program.
To avoid conflict of interest, DICT said its own personnel and third-party suppliers are barred from receiving any recognition or reward from the program. The agency is also asking its private partners to enforce a similar policy in identifying conflict of interest.
The DICT said it would source bounty for the hackers from the budget of compromised agencies. It also requested private partners to extend financial and in-kind support like training activities.
The SHPBBP covers all agencies under the government, including state-owned firms, as well as private companies belonging to the Public-Private Cybersecurity Partnership Program.
