Ministry for Foreign Affairs
The Ministry for Foreign Affairs promotes the security and welfare of Finland and the Finns, and works for a secure and fair world.
Program in a nutshell
The current scope from 9.3.2020 is:
Note the current restrictions and limitations. These may change at some point which will be separately communicated:
- WWW-functionality only (i.e. http/https-protocols).
- Ways to change the text on the website is of special interest. However, if you can inject content into the website, please do it in non-visible manner (HTML comments, background coloured text etc).
- No denial of service tests
- If you can access any kind of user information or personally identifiable information, do not load or transfer them any more than necessary to show the vulnerability.
- If you send in a misuse report at the Väärinkäyttöilmoitus site, you must use the text "BUG BOUNTY TEST 2020" as part of the subject line.
- You may not take part in the Väärinkäyttöilmoitus bug bounty if you work with the said system.
Read the rules. If you have trouble understanding Finnish, let us know and we'll translate.
- You need to have a Finnish bank account and be a Finnish tax subject to take part in the program. You don't need to be a citizen. Bounties can be paid only to a Finnish bank account with a Finnish tax paperwork.
- Use the reporting portal to report a vulnerability and do not publish it elsewhere.
- If you don't know whether something is allowed or may cause issues with the targets, ask Hackrfi staff via the reporting portal
- If you can access the server operating system, do not pivot to other hosts from there.
The shorthand name for this program in our reporting portal is UM (which comes from the word Ulkoministeriö).
Ministry for Foreign affairs cares about security, thank you!
Rules (in Finnish)
Report a vulnerability