The UK government is unenthused about the utility of bug bounty programs and security.
At the cyberUK conference, while speaking during the media panel, Dr. Lan levy technical director of the UK’s national cybersecurity center(NCSC) understates the prospect of a wider government launch of bug bounty programs at any time.
Dr levy said that current UK government vulnerability disclosure programs meet current objectives.
He also said that people can report bugs to their vulnerability disclosure pilot service. And then they will work on the weekends to fix it. Like this people can directly report their issues.
Dr. Levy noted that Since UK government departments threatened legal action against security researchers for reporting security issues, things had moved forward.
The difference between the US and UK governments on the current utility of security features of the UK is smaller than in the US, said Dr. Levy.
Dr. Levy noted that the UK minister of defense is maintaining its own bug bounty program which is responsible for a large, geographically distributed series of systems.
If the UK wants to officially lunch bug bounty programs across the government then it has to ensure that baseline security standards had been achieved before inviting external security researchers to probe their web-facing assets for flaws.
Maddinson explained that this review shows “ where do you get the most impact for the money you spend on cybersecurity and resilience” and also added that the financing bug bounty lunch was not currently a spending priority.
We prioritize the activities that can make a significant difference with the money, as Concluded by Maddison.
