Information about the creation of this structure appeared in a number of Russian media outlets in response to cybersecurity challenges. The number of external attacks on state resources and websites in 2023 increased by 65% compared to 2022, and in 2024 Russia leads all countries in the number of databases leaked to the darknet.
Currently, there is no single law in Russia regulating how "white" hackers work with state-owned companies and large structures after they help find vulnerabilities. There is also no ongoing interaction between the structures that are of interest to hackers and the "white" hackers who help identify vulnerabilities in those structures' cybersecurity systems before incidents occur.
As a rule, it is not possible to find the necessary communication channel in either state or private organizations. One of the "white" hackers, as far as I know, could not contact a certain state organization for more than ten years, and it happened completely by accident. Another problem is the lack of an adequate response from companies to reports of vulnerabilities discovered by "white" hackers.
Nemkin was among the initiators of a bill that would regulate the work of these ethical hackers, but the bill has not been considered since 2023. The bill, as Nemkin told Rossiyskaya Gazeta, included a platform for interaction between hackers and companies. Such a system "should verify them, determine reliability, and, if they pass through these procedures, give them the opportunity to post messages about discovered vulnerabilities".
Currently, BI.ZONE Bug Bounty is already partially used for these purposes in Russia. This is a platform for checking the security of external infrastructure with the involvement of independent researchers. Through it, in particular, the Ministry of Digital Development, other government agencies and large companies find researchers who test Gosuslugi, ESIA and other Russian digital systems for vulnerabilities.
In just one stage of the Ministry of Digital Development's Russian bug bounty campaign in 2024, for example, 16 thousand "white hackers" found vulnerabilities in the Russian electronic government for a reward. About 100 vulnerabilities were discovered in 10 systems.
The registry of ethical hackers, on the one hand, will be able to accumulate data about them in one place and help them find customers. On the other hand, cybersecurity experts fear that such a platform will become a significant target for hackers from countries unfriendly and hostile to Russia. In addition, a leak of data about "white" hackers would also jeopardize the safety of their families and loved ones.