Department of Defense embraces hackers to secure digital assets


LONDON – (BUSINESS WIRE) – 3 August 2021 –

The UK Department of Defense (MoD) today announced the completion of its first bug bounty challenge with HackerOne. The Department of Defense’s program was a 30-day hacker-assisted security test aimed at uncovering vulnerabilities before adversaries could exploit them. Following the recent UK Integrated Review, the UK Government called for “a more robust stance on security and resilience” and “an emphasis on openness as a source of prosperity”. The MoD Challenge is part of an organization-wide commitment to building a culture of transparency and collaboration around security to combat cyber threats and improve national security.

“The MoD has followed a strategy of securing through design, with transparency being an essential part of identifying areas for improvement in the development process,” said Christine Maxwell, Chief Information Security Officer (CISO) at MoD. “It is important for us to push the boundaries further with our digital and cyber development in order to attract employees with skills, energy and commitment. Working with the ethical hacker community allows us to grow our tech talents and bring in more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities lie and working with the broader ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience.”

Bug bounty programs give security researchers an incentive to find and report real-world security vulnerabilities, paying monetary rewards for qualifying reports. Such programs are an industry best practice used by the most mature governments and organizations around the world. By disclosing vulnerabilities to security teams, ethical hackers help the Department of Defense secure its digital assets and defend against cyberattacks. This challenge is the latest example of the Department of Defense’s willingness to take innovative and unconventional approaches to ensure the performance and security of its people, networks and data. The Department of Defense also requires its supply chain to adopt its “Secure by Design” principles, and audits suppliers for compliance with DEFCON 658 and DefStan 05-138.

“It’s been proven that a closed and secret approach to security doesn’t work well,” said Trevor Shingles, aka @sowhatsec, one of the 26 ethical hackers in the Department of Defense’s program. “I focused on identifying authentication bypasses that would allow unauthorized users to access systems that they shouldn’t. I successfully reported an OAuth misconfiguration that would have allowed me to change permissions and gain access, but was able to fix and back up the MoD instead. The MoD’s openness in providing authorized access to its systems is real evidence that it uses all the tools at its disposal to truly harden and secure its applications. This is a great example not only for the UK but also for other countries to compare their own security practices.”

“Governments worldwide are aware that they can no longer secure their immense digital environments with conventional security tools,” says Marten Mickos, CEO of HackerOne. “A formalized process for accepting third-party vulnerabilities is considered best practice around the world, with the US government making it mandatory for its civil federal agencies this year. The UK Department of Defense is a leader in the UK government with forward-looking and collaborative solutions to secure its digital assets, and I expect more government agencies to follow suit.”

Integration with partners and allies contributes to the MoD’s goal of being digitally secure and cyber resilient, and the bug bounty program aligns the MoD with its allies in the United States. The U.S. Department of Defense, Army, and Air Force all work with HackerOne’s ethical hacking community to make their software more secure.

About HackerOne

HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives companies access to the world’s largest hacker community. Equipped with the most robust database of vulnerability trends and industry benchmarks, the hacker community reduces cyber risk by searching for, finding and reporting real security weaknesses for companies across all industries and attack surfaces. Customers include the US Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter and Verizon Media. HackerOne ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020.

Via the UK Department of Defense (Ministry of Defence – GOV.UK)

What MoD does: “We are working for a safe and prosperous UK with global reach and influence. We will protect our people, territories, values and interests at home and abroad through strong armed forces and in partnership with allies to ensure our security, support our national interests and ensure our prosperity.” MOD is a ministerial department supported by 24 agencies and public bodies. Based on statistics from 1 April 2021, MOD has 198,880 regular and reserve service personnel and 56,920 civilian staff.


CONTACT: HackerOne

Emily James




SOURCE: HackerOne

Copyright Business Wire 2021.

PUB: 3/8/2021 5:00 AM / DISC: 3/8/2021 5:02 AM
