Collaborate with us to enhance the cybersecurity of our national digital infrastructure. Your skills can help protect our nation's digital assets.
Report a vulnerability today and contribute to a more secure digital Maldives.
At NCSA, we believe we need everyone's help in securing our nation. We know there are incredibly talented individuals with specialized skills capable of uncovering issues within our digital ecosystem.
We encourage your enthusiasm and passion for cybersecurity. This program is our way to officially acknowledge your valuable contributions in making our nation a more secure digital space.
"When it comes to our nation, If not us then who? If not now then when?"
To fully embrace our motto of Nurture talent, Collaborate for strength, Secure our digital future, and Adapt to new challenges, we are excited to launch the NCSA Bug Bounty Program.
Contributions are recognized through a scoring system utilizing a custom tiered classification model primarily based on CVSS v3.1. Participants who responsibly disclose valid vulnerabilities will be awarded official, verifiable certificates issued by the National Cyber Security Agency (NCSA).
These certificates can be validated directly through our website, adding significant credibility and value to your recognized efforts in bolstering national cybersecurity.
If you have discovered any vulnerability or security concern within NCSA-managed or other national digital systems, please report it through our secure Message Us feature.
This system uses a simple email-based OTP verification for initial contact. We will investigate your findings thoroughly and acknowledge your valuable contribution.
Privacy & Recognition:
We understand you may wish to maintain your privacy. Initially, only an email address is required for reporting. If you are eligible for and wish to receive a certificate, we may then request your name to be printed on the certificate. Your privacy preferences will be respected.
NCSA does not authorise or encourage any actions that may harm government systems, services, or users. Any testing must be limited to safe verification without causing impact.
The National Cyber Security Agency (NCSA)’s Bug Bounty Programme is a non-commercial, voluntary national initiative aimed at promoting responsible vulnerability disclosure and strengthening cybersecurity resilience across government systems. While the programme accepts reports anonymously, certificates can only be issued following appropriate verification, in accordance with existing programme regulations. Participation does not establish any employment, contractual relationship, or entitlement to monetary or other rewards. All recognitions are granted solely at the discretion of NCSA and are subject to established processes, committee review and approval. Participants must act in good faith and strictly within ethical boundaries. This programme only accepts responsible reporting of vulnerabilities and does not permit: Exploitation of vulnerabilities, Data exfiltration or access to sensitive information, Privacy violations, Service disruption or system impairment and Any form of intrusive or harmful testing. Any violation of these principles may result in disqualification, revocation of recognition, and legal action where applicable.