UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting
2021-08-03 14:20

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne.

A month-long "hacker security test" culminated in a couple of dozen folk being handed unspecified rewards, and marked the first public confirmation of HackerOne's UK government partnership.

The MoD scheme's groundworks were laid back in December when the ministry promised not to arrest bounty-hunting experts, as we reported.

Setting up a HackerOne bug bounty scheme involves paying successful reporters; a compsci student bagged £36,000 in July after spotting an access token on GitHub that gave the world and his dog read and write access to private Shopify repositories.

No information was given on how much the famously cash-strapped MoD coughed up for the vulns its vetted researchers found.

Marten Mickos, HackerOne's chief exec, gave the ministry a pat on the back for its "forward-thinking and collaborative solutions to securing its digital assets," pointing to the US government's adoption of his company's service a few years ago.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/03/hackerone_mod_bug_bounties/