UK Ministry of Defence: We won't prosecute bug bounty hunters – oh btw, we now have one of those

The UK's Ministry of Defence has launched a bug bounty scheme, promising privateer pentesters they won't be prosecuted if they stick to the published script.


The MoD has joined forces with bug bounty platform HackerOne, with the scheme seemingly being aimed at those who probe external web-facing parts of the ministry's sprawling digital estate.


New guidance published on the GOV.UK pages for the MoD exhorts bug-hunters to submit only "benign, non-destructive, proof of concepts".


"The MOD affirms that it will not seek prosecution of any security researcher who reports any security vulnerability on a MOD service or system, where the researcher has acted in good faith and in accordance with this disclosure policy," it stated.


Lest anyone gets the idea that running Nessus across MoD websites is going to ..
