Ministry for Foreign Affairs launches a bug bounty programme for finding vulnerabilities in online services

A bug bounty project provides opportunities for information security researchers and hackers to examine, within a set of defined boundaries, the information security of selected services on the Internet. The protective measures of the targeted systems will not be opened for the duration of the project. 

The programme includes the following Foreign Ministry’s online services: Ministry’s public web site um.fi, matkustusilmoitus.fi and vaarinkayttoilmoitus.fi. These online services are subject to unauthorised attacks and intrusion attempts anyway, so the Ministry wants to encourage legally operating hackers to examine the services and report on their findings against a fee.

“Today we need new ways of testing information security in addition to traditional information security audits”, says Antti Savolainen, Chief Information Security Officer at the Ministry for Foreign Affairs.

The information security of the Ministry for Foreign Affairs has been assessed, in accordance with their mandates and scale of activities, by the National Cyber Security Centre, Finnish Security and Intelligence Service, EU Council Security Committee and NATO Office of Security. In addition, the Ministry for Foreign Affairs has used several Finnish information security companies to evaluate its information security.

The Ministry for Foreign Affairs acquires its first bug bounty programme from Hackrfi. After a six-month pilot, a long-term bug bounty service acquirement is subject to public procurement.

The Ministry for Foreign Affairs wishes to continuously develop and improve the online services offered to citizens.

Inquiries: Antti Savolainen, Chief Information Security Officer, tel. +358 295 351 425, antti.j.savolainen(at)formin.fi

MFA's bug bounty programme on Hackrfi's website