Open to people in Finland

Ulkoministeriö Bug Bounty - Ministry for Foreign Affairs of Finland

Ministry for Foreign Affairs in Finland Bug Bounty. Are there vulnerabilities in the Minstry web site?

100€ - 5000€

2.12.2019 at 12.00 - 1.6.2020

Report     Rules (in Finnish)

Ministry for Foreign Affairs

The Ministry for Foreign Affairs promotes the security and welfare of Finland and the Finns, and works for a secure and fair world.

Program in a nutshell

The current scope is:

  • The MFA website
  • How and has been integrated to the website.

Other websites mentioned in the press release, like, will become in scope at a later date.

Note the current restrictions and limitations. These may change at some point which will be separately communicated:

  • WWW-functionality only (i.e. http/https-protocols).
  • Ways to change the text on the website is of special interest. However, if you can inject content into the website, please do it in non-visible manner (HTML comments, background coloured text etc).
  • No denial of service tests
  • If you can access any kind of user information or personally identifiable information, do not load or transfer them any more than necessary to show the vulnerability.

Read the rules. If you have trouble understanding Finnish, let us know and we'll translate.

  • You need to have a Finnish bank account and be a Finnish tax subject to take part in the program. You don't need to be a citizen. Bounties can be paid only to a Finnish bank account with a Finnish tax paperwork.
  • Use the reporting portal to report a vulnerability and do not publish it elsewhere.
  • If you don't know whether something is allowed or may cause issues with the targets, ask Hackrfi staff via the reporting portal
  • If you can access the server operating system, do not pivot to other hosts from there.

The shorthand name for this program in our reporting portal is UM (which comes from the word Ulkoministeriö).

Ministry for Foreign affairs cares about security, thank you!

Rules (in Finnish)     Report a vulnerability

Do you want to become a bug bounty hunter?

Create an account to our reporting portal, where you can submit reports to open programs.