Aug 6, 2021
Laura Berrill

MoD makes first ever bounty payment to ethical hackers

The MoD has paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by adversaries

For the first time, two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.

The MoD’s chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD's willingness to pursue innovative and non-traditional approaches" to securing its networks.

Bug bounty reward programmes offer cyber protection

Bug bounty programmes offer hackers financial rewards for discovering and disclosing software vulnerabilities so they can be fixed, rather than exploited by hostile states.

Many of the largest technology companies offer monetary rewards to security researchers - or ‘ethical’ hackers - for disclosing vulnerabilities so that they can be patched and secured. The MoD is the latest government organisation to run such specific competitions for these purposes.

A spokesperson for HackerOne explained that the participants had been given privileged access to some of the MoD's internal web apps, but were not testing public-facing assets. However, HackerOne and the ministry agreed last December on a vulnerability disclosure policy for people who found issues.

Ms Maxwell went on to say that working with the ethical hacking community allowed the MoD to build a bench of tech talent to protect and defend its assets.

Worldwide governments waking up to the schemes

And Marten Mickos, the chief executive of HackerOne, said: "Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore."

He added: "The UK MoD is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example."

In the US, back in 2016, Katie Moussouris, a security researcher and the chief executive of Luta Security, worked with the US DoD to launch the Pentagon's first bug bounty programme after pioneering some of the fundamentals in the vulnerability disclosure field. This led to the more widespread adoption of the tactics in governments around the world.

 

 

 
