As reported by Computer Weekly, the UK’s Ministry of Defence (MoD) has concluded its first-ever bug bounty challenge with security platform HackerOne, building on its commitment to develop a culture of collaboration around cyber security.
During the 30-day challenge, the MoD invited hackers to investigate vulnerabilities in its digital assets by giving them direct access to its internal systems, with the aim of helping the MoD secure and defend them from cyber attacks.
The challenge follows the UK government’s publication in March of its integrated review of security, defence, development and foreign policy, in which it highlighted the need for greater capacity and resilience to deal with cyber threats, especially against critical national infrastructure (CNI).
Bug bounties are an indispensable way of continually testing the security of a given platform and can save organisations, whatever their size, huge financial strains in the long run. Bug bounty schemes are fantastic ways of allowing in even more skills to examine the security in a more dynamic approach. Effectively, the widespread cyber security community can become a dedicated and distributed bunch of full-time CISOs offering stronger and better protection.
Interestingly, the MOD did not already have a vulnerability disclosure policy in place, as schemes such as this are vital in modern-day threat hunting. Maybe this was due to the trust that would be required to carry out the job fully. However, with the right checks in place this may be a case of better late than never and, assuming it did well, we may not only see the MOD continue with the program but we may now see additional businesses follow suit.