UK Ministry of Defence embraces hackers to secure digital assets
LONDON – (BUSINESS WIRE) – August 3, 2021–
The UK Ministry of Defence (MoD) today announced the conclusion of its first bug bounty challenge with HackerOne. The MoD program was a 30-day, hacker-powered security test aimed at surfacing vulnerabilities before they could be exploited by adversaries. Following the UK's recent Integrated Review, the UK government called for 'a stronger stance on security and resilience' and 'a focus on openness as a source of prosperity'. The MoD Challenge is part of an organization-wide commitment to re-establish a culture of transparency and collaboration around security in order to combat cyber threats and improve national security.
"The Ministry of Defence has adopted a strategy of security by design, with transparency being an integral part of identifying areas for improvement in the development process," said Christine Maxwell, Chief Information Security Officer (CISO) at the Ministry of Defence. "It is important for us to continue to push the boundaries of our digital and cyber development to attract people with skills, energy and commitment. Working with the ethical hacking community allows us to develop our technological talent bank and bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities lie and working with the entire ethical hacking community to identify and fix them is a critical step in reducing cyber risks and improving resilience."
Bug bounty programs encourage security research and the reporting of real security vulnerabilities in exchange for monetary rewards for qualifying findings. Such programs are an industry best practice used by governments and more mature organizations around the world. By disclosing vulnerabilities to security teams, ethical hackers help the MoD secure its digital assets and defend against cyber attacks. This challenge is the latest example of the Ministry's willingness to pursue innovative and non-traditional approaches to ensure the capability and security of its people, networks and data. The MoD is also calling for its 'security by design' principles to be adopted by its supply chain as it conducts audits to ensure compliance with DEFCON 658 and DefStan 05-138.
"A closed and covert approach to security has been proven to not work well," said Trevor Shingles, aka @sowhatsec, one of the 26 ethical hackers on the MoD's program. "I focused on identifying authentication bypasses that would allow unauthorized users to access systems they shouldn't. I successfully reported an OAuth misconfiguration which would have allowed me to change permissions and access, but instead I was able to help the MoD fix and secure it. That the Ministry of Defence is as open as it has been in providing authorized access to their systems is a real testament that they are embracing all the tools at their disposal to really toughen up and secure their applications. This is a great example to set not only for the UK but also for other countries to compare their own security practices."
"Governments around the world are realizing that they can no longer secure their huge digital environments with traditional security tools," says Marten Mickos, CEO of HackerOne. "Having a formalized process for accepting third-party vulnerabilities is widely considered best practice globally, with the US government making it mandatory for its federal civilian agencies this year. The UK Ministry of Defence is leading the way for the UK government with forward-thinking and collaborative solutions to secure its digital assets, and I predict we will see more government agencies follow suit."
Integration with partners and allies contributes to the MoD's goal of being digitally secure and cyber resilient, and the bug bounty program aligns the MoD with its allies in the United States. The US Department of Defense, US Army, and US Air Force all work with HackerOne's ethical hacking community to make their software more secure.
About HackerOne
HackerOne helps the world build a safer Internet. As the world's most trusted hacker-powered security platform, HackerOne gives organizations access to the largest hacker community on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by securely researching, finding, and reporting real-world security weaknesses for organizations from all sectors and attack surfaces. Customers include the US Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on Fast Company's World's Most Innovative Companies list for 2020.
About the UK Ministry of Defence
What the Ministry of Defence does: "We are working for a secure and prosperous UK with global reach and influence. We will protect our people, our territories, our values and our interests at home and abroad, through strong armed forces and in partnership with allies, to ensure our security, support our national interests and safeguard our prosperity." The MOD is a ministerial department, supported by 24 agencies and public bodies. Based on statistics from April 1, 2021, the MOD has 198,880 regular and reserve service personnel plus 56,920 civilian personnel.
View source version on businesswire.com:https://www.businesswire.com/news/home/20210803005154/en/
SOURCE: Hacker One
Copyright Business Wire 2021.
PUB: 08/03/2021 05:00 / DISC: 08/03/2021 05:02