The Ministry of Defence (MoD) has introduced its own bug bounty programme through which white hat hackers can disclose vulnerabilities to the UK government department without fear of prosecution.
Partnering up with HackerOne, the MoD has published a submission form that security researchers can use to report any bugs or flaws with systems or platforms managed by the UK’s defence authorities. Unlike bug bounty programmes commonly run by private companies, however, there is no monetary reward available for disclosure.
Researchers who find a security vulnerability relating to an MoD system must include details of the website IP or page where the vulnerability can be observed, a brief description of its nature, and steps to reproduce. These should be a benign and non-destructive proof-of-concept and works to ensure the report can be triaged quickly and with accuracy.