UK Defense Ministry paid hackers to find flaws in computer systems
Around two dozen civilian hackers took part in 30-day bounty competition, ministry announces
The British Defense Ministry announced on Tuesday that for the first time it had paid bounties to hackers to find vulnerabilities in its computer networks.
HackerOne carried out checks on around two dozen civilian hackers for the 30-day competition; the company specializes in organizing such bounty competitions.
The aim of the ministry’s security test was to give financial rewards to hackers for finding vulnerabilities in its software so that the flaws can be fixed before hostile states find and exploit them.
Christine Maxwell, the ministry’s chief information security officer, said the competition was “the latest example” of its “willingness to pursue innovative and non-traditional approaches.”
The US Defense Department also runs similar competitions, as do some of the world’s largest technology companies.
“Governments worldwide are waking up to the fact that they can’t secure their immense digital environments with traditional security tools anymore,” said HackerOne CEO Marten Mickos.
“Having a formalized process to accept vulnerabilities from third parties is widely considered best practice globally, with the US government making it mandatory for their federal civilian agencies this year.”
He added that the UK ministry “is leading the way in the UK government with forward-thinking and collaborative solutions to securing its digital assets and I predict we will see more government agencies follow its example.”