Bundeswehr Generalmajor officially acknowledges Whitehat for Responsible Disclosure Activities
Responsible Disclosure Program (VDPBW) 2021
One year has now passed since the Bundeswehr published its first vulnerability disclosure policy (VDPBW) for a responsible disclosure program. Since our security researchers always like to be among the first to test and actively participate in a bug bounty or responsible disclosure program, we naturally took part this time as well.
Many security researchers from all over Germany and even the EU participated in the program. Approximately 100 valid security vulnerabilities were submitted. The Bundeswehr is already calling the "VDPBW" program a great success. One security researcher from the Vulnerability-Lab team, whom we all know particularly well as the usual suspect "Benjamin Mejri (Kunz)", has once again rung the bell of success.
Benjamin Kunz Mejri reported the most valid vulnerabilities to the security management of the German Armed Forces within 1 year. The reported vulnerabilities included SQL injection, file inclusion, code execution, information disclosure, cross-site scripting, misconfigurations and access vulnerabilities. Unfortunately, we cannot publicly discuss the individual vulnerabilities in the Bundeswehr program, their technical details or their exploitability.
Due to the large number of his reports across all services, the security researcher Benjamin Kunz Mejri reached 1st rank with 28 reports in the Bundeswehr security program VDPBW after the first year. At the same time, he encouraged and supported the participation of other independent security researchers from Germany as well as the European Union.
A few days ago, we received an official invitation letter from the Bundeswehr announcing a special meetup for the best security researchers in Bonn. As in the governmental programs of other countries, we can thus chalk up our first success with the government in Germany, which was captured in some shining pictures for whitehat eternity.
Generalmajor Setzer & Benjamin Mejri (Kunz) - Coin handover in Bonn (CIRBW)
Generalmajor Setzer, Benjamin Mejri (Kunz), David Eckel & unknown CIR German Special Forces
David Eckel & Benjamin Mejri (Kunz) - Security Researchers (Whitehats)
We would like to thank the Bundeswehr and especially Generalmajor Setzer (CISOBW) for the acknowledgement, the efforts and the invitation. Our team will continue to test, and we hope that other researchers will participate in the program as well. Hopefully our good example of cooperation and exchange can be used by other German institutions to apply and recognize responsible disclosure as a valid technology.
Exclusive Interview:
https://www.bundeswehr.de/de/organisation/cyber-und-informationsraum/akt...
Reference(s):
https://www.bundeswehr.de/de/security-policy/vdpbw-coin
https://www.bundeswehr.de/de/organisation/cyber-und-informationsraum/akt...
Comments
Salam, you are tha bozz!
more awesome is not possible
the alemane geohot. you did
congrats mr mejri
great success with 28 bugs
not bad. the coin is so cool.
further developed
I think it's very good what