GC "Astra", a leading Russian developer of operating systems, has announced the launch of the Bug Bounty program for Astra Linux SE OS. It was decided to attract hackers in white hats on the BI.ZONE Bug Bounty platform - this is a Russian analogue of the well-known international Hucker One.
As part of the Bug Bounty program, GC "Astra" will pay rewards of up to 250,000 rubles for critical vulnerabilities found. Researchers, or so-called "white hat hackers", can report vulnerabilities they find via a special form on the program website. The amount of the reward will depend on the level of complexity of the detected system vulnerability.
At the time of writing, vulnerabilities have been reported twice. But only one of them was confirmed. Apparently, the company did not consider its level high, so the researcher was paid only 5,000 rubles.
We are ready to pay not just for the mistakes found, but specifically for the implementation of unacceptable events. This is an approach that almost no one in Russia has practiced yet. Our company has deployed secure development processes; at the same time, it is important for us to identify problems that can lead to negative consequences in the customer's infrastructure. I am sure that this will have a positive impact on the reputation of GC "Astra" as a mature developer who is confident in the reliability and security of its software
Evgeny Voloshin, Director of the Security Analysis and Anti-Fraud Department of BI.ZONE, expressed the hope that the Bug Bounty program will become an important tool necessary for even greater security in the Russian OS, and will also help "maintain high resistance to constantly evolving and changing modern cyber threats."
At the end of March 2023, the Ministry of Digital Development, Communications and Mass Media of the Russian Federation registered BI.ZONE Bug Bounty in the register of domestic software.