The Bundeswehr has announced a vulnerability disclosure program and is calling on security researchers to do so to abuse their IT systems. The security researchers should report any gaps found to the Bundeswehr immediately so that it can close the vulnerabilities.

“Hey look: I hacked the Bundeswehr – lol” A common tactic that companies like Apple, Nintendo & Co. use to manage their online Making services more secure – with one big difference: the companies mentioned pay security researchers for gaps found, depending on the severity, with rewards in the amount of sometimes five-digit amounts. This is called the bug bounty program. In the Bundeswehr, however, there is no monetary bonus, but only a name entry on a thank you page.

Before the statement in an interview about vulnerability Disclosure program “We rely on the knowledge and help of the cyber community for a secure Internet in Germany and Europe.” strange and casts doubt on the appreciation of the security researchers. After all, they invest a lot of brainpower and time making other people’s systems more secure. Motivation is different.

(des)