The Ministry of Digital Development has published the interim results of the second stage of the Russian bug bounty program. The program, which offers rewards of up to one million rubles for finding errors related to exploits and vulnerabilities, already involves 16 thousand "white hat" hackers.
For several months, they have been searching for vulnerabilities in "Gosuslugi", SMEV, the feedback platform, and other government systems. Only the external perimeter of the systems is checked: bug hunters do not have access to internal data, and the vulnerabilities already found cannot be reused for hacking.
About 100 vulnerabilities were found in 10 systems. Most of them are of low criticality. The maximum payout for a found vulnerability was 500 thousand rubles.
In the future, the work of white hat hackers in Russia may become permanent rather than project-based. The State Duma is discussing two draft laws concerning the work of "white hat" hackers. The first should legalize the involvement of such specialists in testing IT infrastructure without the permission of copyright holders, and the second should regulate the procedure for organizing tests.
Currently, many large companies engage "white hat" hackers on a project basis through specialized services. For example, "Astra Group", a leading Russian developer of operating systems, announced the launch of a Bug Bounty program for Astra Linux SE OS last year. Among government agencies, bug hunters are engaged not only by the Ministry of Digital Development, to test e-government systems for vulnerabilities, but also by "Russian Post".