Read at ComputerWeekly.com
The Ministry of Defence has expanded its partnership with ethical hacking and penetration testing specialist HackerOne to include some of its key suppliers. The MoD's defensive security programme, which originally included a vulnerability disclosure programme paying out bug bounties, has now involved over 100 ethical hackers in identifying and fixing vulnerabilities to improve cyber security. The MoD aims to build a culture of transparency and collaboration to protect critical digital assets from malicious threats.
The decision to partner with HackerOne and leverage its community of ethical hackers was part of an organisation-wide commitment to building a culture of transparency and collaboration to improve national security.
By including key suppliers in the vulnerability disclosure programme (VDP), the MoD hopes to encourage the adoption of best practices throughout its supply chain and eventually have all its partner firms run their own VDPs. Kahootz, a supplier of cloud software-as-a-service collaboration platform services, is one of the suppliers already involved in the expanded programme. The MoD's CISO believes that working with the ethical hacking community brings diverse perspectives and helps reduce cyber risk and improve resilience.
"Working with the ethical hacking community allows us to bring more diverse perspectives to protect and defend our assets. Understanding where our vulnerabilities are and working with the wider ethical hacking community to identify and fix them is an essential step in reducing cyber risk and improving resilience."