The Ministry of Digital Development will use the platforms of Positive Technologies and Cyberpolygon for Bug Bounty to find vulnerabilities of the Gosuslugi public services portal. However, at the moment, the ministry does not plan to actually reward the participants, because “the use of Bug Bounty platforms was proposed by the companies themselves”.

Yaroslav Babin, head of the Standoff 365 Bug Bounty by Positive Technologies, says white-hat hackers are willing to search vulnerabilities for free, because “they are interested in challenges and value the experience and their platform rating”. He believes, the participation can lead to being hired or invited to limited projects of other clients. Luka Safonov, Cyberpolygon CEO, says that in this particular case the company is ready to pay the rewards on its own, but “it will not be a matter of hundreds of millions, but about 100,000 rubles for one vulnerability”.

The founder of the DLBI data leakage and darknet monitoring service Ashot Oganesyan warns the participants “can use the opportunity for their own benefit”.

Earlier it was announced that the Ministry of Digital Development planned to introduce the concept of Bug Bounty into the legislation to legalize the payments to information security specialists, who look for vulnerabilities in information systems on a contractual basis.

Original in Russian