MoD makes first ever bounty payment to ethical hackers

By Laura Berrill
Share
The MoD has paid bounties to hackers for finding vulnerabilities in its computer networks before they could be exploited by adversaries

For the first time, two dozen civilian hackers were permitted to take part in the 30-day programme after undergoing background checks with HackerOne, a company that specialises in bug bounty competitions.

The MoD’s chief information security officer, Christine Maxwell, said the security test was "the latest example of the MoD's willingness to pursue innovative and non-traditional approaches" to securing its networks.

Bug bounty reward programmes offer cyber protection

Bug bounty programmes offer hackers financial rewards for discovering and disclosing software vulnerabilities so they can be fixed, rather than exploited by hostile states.

Many of the largest technology companies offer monetary rewards to security researchers - or  ‘ethical’ hackers - for disclosing vulnerabilities so that they can be patched and secured. The MoD is the latest government organisation to run such specific competitions for these purposes.

A spokesperson for Hacker One explained that the participants had been given privileged access to some of the MoD's internal web apps, but were not testing public-facing assets. However, Hacker One and the ministry agreed last December on a vulnerability disclosure policy for people who found issues.

Ms Maxwell went on to say that working with the ethical hacking community allowed the MoD to build a bench of tech talent to protect and defend its assets.

Worldwide governments waking up to the schemes

And Martin Mickos, the chief executive of HackerOne, said: "Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore”.

He added: "The UK MoD is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example."

In the US, back in 2016, Katie Moussouris, a security researcher and the chief executive of Luta Security, worked with the US DoD to launch the Pentagon's first bug bounty programme after pioneering some of the fundamentals in the vulnerability disclosure field. This led to the more widespread adoption of the tactics in governments around the world.

 

 

 

Share

Featured Articles

Contentful Webinar: How AI is Reshaping Content Management

Software provider Contentful outlines technology transformation in content creation as market demands accelerate

How Bain & Company is Expanding its OpenAI Partnership

Bain & Company deepens collaboration with OpenAI to accelerate delivery of technology, establishing Center of Excellence for global industry solutions

EY Forms AI Council to Guide Global Tech Strategy

EY brings together 11 external experts from industry and academia to guide implementation of artificial intelligence across its global operations

How Toyota & NTT use AI to Create a Zero-Accident Society

AI & Machine Learning

Nvidia: Shaping the Rise of AI Humanoid Robots

AI & Machine Learning

Microsoft Reshuffles EMEA Leadership Amid AI Expansion Drive

AI & Machine Learning