The government will push ahead with the country’s first pilot programme for a security vulnerability reporting, remediation and disclosure system.

The National AI Strategy Committee, the Ministry of Science and ICT, the National Intelligence Service and the Korea Internet and Security Agency (KISA) said on Wednesday they will 추진 the pilot programme for an "always-on vulnerability reporting and remediation scheme" to build a safe and transparent security ecosystem.

The scheme includes a Vulnerability Disclosure Policy (VDP) that allows white-hat hackers to legally find and report vulnerabilities, and a Coordinated Vulnerability Disclosure (CVD) policy that makes reported vulnerabilities public after remediation.

The United States and Europe already operate related systems, but South Korea has not yet introduced one. The government has been pushing to introduce the system after drawing up a comprehensive information security plan and a domestic roadmap for reporting, remediation and disclosure of security vulnerabilities, following a series of major security incidents last year.

The pilot was 마련됐다 to raise public awareness and pre-verify effectiveness ahead of institutionalisation set to be 추진 in earnest from next year. It also plans to allow participating white-hat hackers to use AI for hacking as AI-based always-on hacking threats have recently become a reality.

A total of 15 organisations and companies will take part, including 7 private-sector firms and 8 public institutions. Private-sector participants are LG Uplus, Nexon, NC, Toss Payments, Samsung Life Insurance, ESTsecurity and INCA Internet. Public-sector participating institutions and services are National Safety 24, the Health Insurance Review and Assessment Service, Vaccination Helper, KEPCO ON, the National Traffic Information Center, Cyber Inspection Office, the Economic Statistics System and the Public Institution Recruitment Information System.

Any white-hat hacker aged 19 or older with South Korean nationality can apply, and there is no limit on participants. The government will run safeguards to prevent harm such as personal data leaks or disruptions to network operations during vulnerability searches, including organisation-specific allowable policies, advance ethics training, compliance pledges and agreements for outsourcing personal data processing.

Applications will be accepted on the website for 2 weeks from May 29 to June 12. It will then proceed in June with advance ethics training and a participation approval process, followed by about 5 months of vulnerability searching, reporting and remediation through November. The final results will be disclosed at year-end.

White-hat hackers who discover outstanding vulnerabilities will receive a total of 16 commendations and prize money worth 20 million won across the public and private sectors.

Bae Kyung-hoon (배경훈), vice chair of the National AI Strategy Committee and the deputy prime minister and minister of science and ICT, said, "Security in the AI era is a core foundation that supports the national economy and security," adding, "We will actively contribute to creating a safe K-security ecosystem by using this pilot programme as a stepping stone."

The National Intelligence Service said, "We hope that, through the expertise of white-hat hackers, who are important partners in the national cybersecurity field, we can pre-emptively discover and improve potential vulnerabilities in national and public institutions," adding, "We will do our utmost in conducting the pilot programme so that the system can be established early."