GC "Astra", a leading Russian developer of operating systems, announced the launch of the Bug Bounty program for Astra Linux SE. White-hat hackers were decided to be invited on the BI.ZONE Bug Bounty platform, this is a Russian counterpart of the well-known international Hucker One.
Within the framework of the Bug Bounty program, GC "Astra" will pay rewards of up to 250,000 rubles for critical vulnerabilities found. Researchers, or so-called "White hackers", can report about the vulnerabilities they found through a special form on the program's website. The amount of the reward will depend on the complexity level of the discovered system vulnerability.
At the time of writing the news, vulnerabilities were reported twice. But only one of them was confirmed. Apparently, the company did not consider its level high, so the researcher was paid only 5,000 rubles.
We are ready to pay not just for the errors found, but precisely for the implementation of unacceptable events. This is an approach that hardly anyone has practiced in Russia yet. In our company, secure development processes are rolled out; at the same time, it is important for us to identify problems that can lead to negative consequences in the customer's infrastructure. I am sure that this will positively affect the reputation of GC "Astra" as a mature developer, confident in the reliability and security of its software
Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention at BI.ZONE expressed hope that the Bug Bounty program will become an important tool for further enhancing security in the Russian OS, and also will help "maintain high resilience to constantly evolving and changing modern cyber threats".
In late March 2023, the Ministry of Digital Development, Communications and Mass Media of the Russian Federation registered BI.ZONE Bug Bounty in the domestic software registry.