Security

Bug bounty programs take root in Russia — with possible far-reaching implications

A handful of Russian government institutions have partnered up with Standoff 365 and BI.ZONE, which indicates a change in the perception bug bounty programs and the Russian hacking community, which until recently was seen as a threat to security rather than a means of enhancing it.

In February 2023, the Ministry of Digital Development enrolled 10 of its e-government systems, including Gosuslugi, the portal of the state services of the Russian Federation, on both the Standoff 365 Bug Bounty and the Bi.ZONE Bug Bounty platform. The maximum payout for finding a critical vulnerability is ₽1 million (US$11,000). According to the Ministry, more than 16,000 people have signed up for the government’s bug bounty program, with more than 100 vulnerabilities found so far.

These federal efforts are trickling down to regional governments as well. In December 2023, the municipal services of the Moscow Oblast (uslugi.mosreg.ru) launched its own bug bounty program on Standoff 365, followed by the Rostov Oblast in the same month with its geographical information system (RO GIS), and the Republic of Sakha also opened its electronic services to bug hunting in May 2024. Unlike programs launched by private companies, those affiliated with government institutions are open only to citizens of the Russian Federation.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button