“Izvestia”: The Ministry of Digital Development will pay “white” hackers up to a million rubles

The Ministry of Digital Development has launched the second stage of Bug Bounty, a program for white hat hackers to search for vulnerabilities on Gosuslugi and other government portals. For discovering “holes”, hackers will receive a reward depending on the degree of danger of the flaw. About it report “News”.

Thus, a “hole” with the lowest danger is estimated at up to 30 thousand rubles, medium – up to 100 thousand rubles, high – up to 300 thousand rubles, and critical – up to 1 million rubles. During the first stage of the program, which ran from February to May 2023, 37 vulnerabilities were identified and have already been fixed. The total amount of remuneration was 1.95 million rubles.

As the department reported, the new stage of the program will last a year, and not three months like the previous one. Bug Bounty has also been extended to all e-government systems.

A member of the State Duma Committee on Information Policy, Anton Nemkin, assessed the risks that the legalization of the activities of “white” hackers in the Russian Federation could entail. The main problem, in his opinion, is that “unethical” hackers may begin to take advantage of what their “ethical” colleagues have discovered. “You need to understand that we are definitely not giving hackers a free hand; their activities will also be closely monitored by authorized agencies, and any serious violation will entail liability. Our task is to ensure that this responsibility does not arise without reason,” the deputy noted.

In July, it was reported that the Ministry of Digital Development plans to legalize “white hat” hackers in Russia. For these purposes, the department intends to enshrine the concept of Bug Bounty in legislation and launch a bonus program for “white hat” hackers. Such a measure would allow them to be involved in the analysis of vulnerabilities in government information systems, while protecting them from accusations of “illegal access” to information.