The Ministry of Digital Development told about how it works with bug hunters. These white hat hackers are looking for vulnerabilities in the information systems of e-government. In this occupation, you can earn from five thousand rubles to one million rubles, depending on the criticality of the vulnerability found.
The ministerial bug bounty — a program under which you can receive a reward for detecting errors related to exploits and vulnerabilities — is already in its second phase.
The first stage took place from February to May 2023. Then more than eight thousand people tested the strength of «Gosuslugi» and the Unified Identification and Authentication System — 37 bugs were found.
The second stage is underway now, and there are more participants. Over three months of the program, 62 vulnerabilities were identified, most of which the Ministry of Digital Development classifies as «non-critical». Bug hunters are already attacking ten state digital systems:
- «Gosuslugi»;
- Unified Identification and Authentication System;
- Unified Biometric System;
- Feedback Platform;
- System of Interdepartmental Electronic Interaction;
- National Data Management System;
- Unified Information System for Managing the Personnel of the State Civil Service;
- Head Certification Center;
- Unified System of Regulatory Reference Information;
- Gosweb.
How to become a bug hunter
The Ministry of Digital Development notes that almost anyone can become a bug hunter. To do this, you need to register on special platforms BI.ZОNE Bug Bounty or Standoff 365 Bug Bounty, read and agree to the terms of the program.
Then you need to find a vulnerability, send information about the vulnerability through the platform and wait for confirmation of the vulnerability from the Ministry of Digital Development. After that, you can receive a reward.
In addition to the Ministry of Digital Development, however, many large companies use the services of bug hunters through specialized services. For example, «Astra Group», a leading Russian developer of operating systems, last year announced the launch of the Bug Bounty program for Astra Linux SE OS. It was decided to attract hackers in white hats on the BI.ZONE Bug Bounty platform.