MoD makes first ever bounty payment to ethical hackers

By Laura Berrill
The MoD has paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by adversaries.

For the first time, two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.

The MoD’s chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD's willingness to pursue innovative and non-traditional approaches" to securing its networks.

Bug bounty reward programmes offer cyber protection

Bug bounty programmes offer hackers financial rewards for discovering and disclosing software vulnerabilities so they can be fixed, rather than exploited by hostile states.

Many of the largest technology companies offer monetary rewards to security researchers - or 'ethical' hackers - for disclosing vulnerabilities so that they can be patched and secured. The MoD is the latest government organisation to run such specific competitions for these purposes.

A spokesperson for HackerOne explained that the participants had been given privileged access to some of the MoD's internal web apps, but were not testing public-facing assets. However, HackerOne and the ministry agreed last December on a vulnerability disclosure policy for people who found issues.

Ms Maxwell went on to say that working with the ethical hacking community allowed the MoD to build a bench of tech talent to protect and defend its assets.

Worldwide governments waking up to the schemes

And Martin Mickos, the chief executive of HackerOne, said: "Governments worldwide are waking up to the fact that they can't secure their immense digital environments with traditional security tools anymore."

He added: "The UK MoD is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example."

In the US, back in 2016, Katie Moussouris, a security researcher and the chief executive of Luta Security, worked with the US DoD to launch the Pentagon's first bug bounty programme after pioneering some of the fundamentals in the vulnerability disclosure field. This led to the more widespread adoption of the tactics in governments around the world.




