UK Ministry of Defence: We won't prosecute bug bounty hunters – oh btw, we now have one of those
2020-12-10 10:28

The UK's Ministry of Defence has launched a bug bounty scheme, promising privateer pentesters they won't be prosecuted if they stick to the published script.

The MoD has joined forces with bug bounty platform HackerOne, with the scheme seemingly being aimed at those who probe external web-facing parts of the ministry's sprawling digital estate.

"The MOD affirms that it will not seek prosecution of any security researcher who reports any security vulnerability on a MOD service or system, where the researcher has acted in good faith and in accordance with this disclosure policy," it stated.

Lest anyone gets the idea that running Nessus across MoD websites is going to lead to a bumper payday, the guidance also says that reporting folk should not "Use high-intensity invasive or destructive scanning tools to find vulnerabilities." Phishing MoD staff is also out of bounds.

Singapore and America's defence ministries have been running bug bounties for years.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/10/uk_mod_bug_bounty/