MoD makes first ever bounty payment to ethical hackers

By Laura Berrill
The MoD has paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by adversaries

For the first time, two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.

The MoD’s chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD's willingness to pursue innovative and non-traditional approaches" to securing its networks.

Bug bounty reward programmes offer cyber protection

Bug bounty programmes offer hackers financial rewards for discovering and disclosing software vulnerabilities so they can be fixed, rather than exploited by hostile states.

Many of the largest technology companies offer monetary rewards to security researchers - or  ‘ethical’ hackers - for disclosing vulnerabilities so that they can be patched and secured. The MoD is the latest government organisation to run such specific competitions for these purposes.

A spokesperson for Hacker One explained that the participants had been given privileged access to some of the MoD's internal web apps, but were not testing public-facing assets. However, Hacker One and the ministry agreed last December on a vulnerability disclosure policy for people who found issues.

Ms Maxwell went on to say that working with the ethical hacking community allowed the MoD to build a bench of tech talent to protect and defend its assets.

Worldwide governments waking up to the schemes

And Martin Mickos, the chief executive of HackerOne, said: "Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore”.

He added: "The UK MoD is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example."

In the US, back in 2016, Katie Moussouris, a security researcher and the chief executive of Luta Security, worked with the US DoD to launch the Pentagon's first bug bounty programme after pioneering some of the fundamentals in the vulnerability disclosure field. This led to the more widespread adoption of the tactics in governments around the world.





Featured Articles

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

TECH LIVE LONDON: Begins tomorrow at 10am!

Our marquee technology event is nearly here. There's still time to claim your free ticket (worth £295). Look forward to welcoming you to the Tobacco Dock!

Executive Q&A: Marc Lueck, CISO EMEA, Zscaler

As we prepare to welcome the Zero Trust leaders to TECH LIVE LONDON this June 23-24, we take the opportunity to chat to Zscaler CISO of EMEA, Marc Lueck

TECH LIVE LONDON: Registering, networking and logistics

Digital Transformation

New speaker from Infosys announced for TECH LIVE LONDON!

Digital Transformation

New speaker from Bernadette announced for TECH LIVE LONDON!

Digital Transformation