For the first time, the UK's Ministry of Defense (MOD) is paying white hat hackers a bounty for discovering security bugs in its computer networks, with the aim of strengthening the security of its networks and devices.
In a 30-day bug bounty program, the MOD paid 26 hackers an undisclosed amount to look for vulnerabilities in the organization’s systems before attackers could discover and exploit them.
HackerOne, a US-based company that specializes in bug bounty contests, effectively outsourced penetration testing, ran the program with the MOD.
The MOD says it asked the hackers to investigate its devices, giving them “privileged access” to certain internal systems.
Individuals were only allowed to participate after undergoing a background check at HackerOne.
The MOD and HackerOne had previously agreed on a vulnerability disclosure policy for individuals who discovered issues, but participants had not tested public assets.
The program follows the government's publication in March of an integrated review of security, defense, development and foreign policy. The review highlighted the need for greater resilience and ability to tackle cyber threats. The government also used the review to call for greater cooperation with various stakeholders.
“[We] will continue to leverage our bug bounty expertise, in addition to other features available to ensure cybersecurity and resiliency,” says the MOD.
The military minister, James Heappey, described the bounty program as an exciting new feature for the Ministry of Defense.
“This work will help improve cyber and information security in the UK,” he added.
Christine Maxwell, MOD’s Chief Information Security Officer, said the effort is “an important step in reducing cyber risk and improving resilience.”
“Working with the ethical hacking community can build a bench for engineers and provide a wider range of perspectives for protecting and defending assets,” she explained.
Bug bounty programs are used throughout the industry as a way to reward ethical hackers for discovering and reporting computer system problems.
The majority of HackerOne users are from the US and Canada, followed by a long tail led by the UK, Germany, Singapore and Russia.