MoD makes first ever bounty payment to ethical hackers

By Laura Berrill
The MoD has paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by adversaries.

For the first time, two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.

The MoD’s chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD's willingness to pursue innovative and non-traditional approaches" to securing its networks.

Bug bounty reward programmes offer cyber protection

Bug bounty programmes offer hackers financial rewards for discovering and disclosing software vulnerabilities so they can be fixed, rather than exploited by hostile states.

Many of the largest technology companies offer monetary rewards to security researchers, or ‘ethical’ hackers, for disclosing vulnerabilities so that they can be patched and secured. The MoD is the latest government organisation to run such a competition for this purpose.

A spokesperson for HackerOne explained that the participants had been given privileged access to some of the MoD's internal web apps, but were not testing public-facing assets. However, HackerOne and the ministry agreed last December on a vulnerability disclosure policy for people who found issues.

Ms Maxwell went on to say that working with the ethical hacking community allowed the MoD to build a bench of tech talent to protect and defend its assets.

Worldwide governments waking up to the schemes

Marten Mickos, the chief executive of HackerOne, said: "Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore."

He added: "The UK MoD is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example."

In the US, back in 2016, Katie Moussouris, a security researcher and the chief executive of Luta Security, worked with the US DoD to launch the Pentagon's first bug bounty programme after pioneering some of the fundamentals in the vulnerability disclosure field. This led to the more widespread adoption of the tactics in governments around the world.




