back to article UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting

The Ministry of Defence has paid out the first bug bounties to ethical computer hackers who probed web-accessible systems for vulnerabilities, according to a cheery missive from HackerOne. A month-long "hacker security test" culminated in a couple of dozen folk being handed unspecified rewards – and marking the first public …

  1. elsergiovolador Silver badge

    Cobra Effect

    I wonder if this is going to actually reduce security.

    Poorly paid workers will have an incentive to leave backdoors and then share them with colleagues who will then be claiming the bounties and split the loot.

    It seems like they didn't think this through.

    1. Anonymous Coward
      Anonymous Coward

      Re: Cobra Effect

      We could just stop awarding contracts to Fujitsu, in fact, why not put them on the Cabinet Offices blacklist (like they were in 2012) as a high risk, especially as what is coming out about them supporting, and possibly even lying to the Post Office, in the Post Office Horizon miscarriage of justices

  2. Yet Another Anonymous coward Silver badge

    Bounds clearly set?

    Ok Germans, no attacking before the kick-off, no sending tanks through the Ardennes, no avoiding the Maginot line, no attacking the Empire.

    1. elsergiovolador Silver badge

      Re: Bounds clearly set?

      We should politely ask them to clear the Baltic sea bed from their bombs, that could keep them busy for a few decades.

  3. amanfromMars 1 Silver badge

    Pay peanuts, get monkeys and donkeys and wannabe lions in uniforms.

    the famously cash-strapped MoD

    Oh FFS ..... pull the other one, it's got bells on it. Governments and militaries, amongst other sundry institutions, always have a bottomless pit of flash fiat cash to splash, and don't let anyone tell you otherwise and reveal themselves as ignorant of the fact.

    Haven't you yet worked out how everything happens around you, and how it is paid for?

    1. marcellothearcane

      Cash-strapped MoD

      I took that line to be sarcastic.

      1. amanfromMars 1 Silver badge

        Re: Cash-strapped MoD

        I took that line to be sarcastic. .....marcellothearcane

        :-) Indeed so, marcellothearcane, you are certainly correct. Thanks for making that point so perfectly clear.

        The madness though is, with so much being spent, ..... and with so much of the spend also admittedly being a known unknown and zealously guarded Top Secret to boot .... so little is returned to reward MoD efforts. Such suggests a greater and more intelligent leadership and programs are required to succeed extensively and exemplarily in all fields which would do battle with ....... well, proactive engagement is where all the novel revolutionary advances are made to be maintained and sustained for exploitation and export/import.

        It is hard not to equate such as may flit between crazy and lazy madness as simple incompetence which opens up a vast range of doors to stores in which to rummage and lay waste to assets uncovered there if ever it be decided they be designedly incompatible with future greater use purpose.

  4. Anonymous Coward
    Anonymous Coward

    Found a list of Vulnerabilities

    The important element is that you fix the list of vulnerabilities and test again.

    It's like an MoT only as good as the day it was carried out on.

    1. Alan Brown Silver badge

      Re: Found a list of Vulnerabilities

      My experience of this is that the average jobsworth will fix the first one on the list, submit it as fixed then go full metal "Karen" when informed the rest of the holes are still there

  5. macjules
    IT Angle

    Bounty please!

    I have identified that MoD civil servants above a certain rank are able to remove 'Above Top Secret' classified pink documents and leave them at bus tops.

    Please contact me with how you wish to pay me my bounty. Please note that chocolate bars labelled 'Bounty' are not accepted - I hate coconut.

    1. Alan Brown Silver badge

      Re: Bounty please!

      as one commenter pointed out:

      Who the fuck prints things like that anymore, let alone removes printed material from an office when electronic transportation is easier?

      The credibility of that leak falls down badly once you think about that aspect

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like