Earlier, the international platform for the search and payment of awards for found vulnerabilities HackerOne suspended payments to white hackers from Russia and Belarus for the vulnerabilities they discovered.
Bug bounty is a program by which “ethical hackers” receive remuneration from companies for vulnerabilities found in their IT networks, systems and applications. The platform being created will allow information security experts to legally receive rewards for vulnerabilities found in the products of bug bounty program participants. The company, in turn, when placed on the platform, gives its consent to be “broken”. At the same time, it can restrict hackers in their actions, for example, prohibit the use of social engineering, not to attack other users of the system or application.
From April 1, 2022, the public bug bounty programs will be opened by the Cyberpolygon platform, and the Positive Technologies platform will appear in May, Kommersant writes. A similar project was announced by Rostelecom, but the status of the project is still unknown.
In November 2021, Positive Technologies announced The Standoff 365 online platform for conducting online cyber studies. Its beta testing was completed in December. The Standoff 365 consists of a cyber-polygon on which the operational and business processes of the fuel and energy complex are recreated and a bug bounty platform on which hackers who have discovered vulnerabilities will be able to receive rewards. And companies that will participate in such programs will be able to attract external expertise, thereby improving their level of information security. MVP is preparing for the first day of the Positive Hack Days forum, that is, by May 18. Despite the tight deadlines, we receive and take into account the ideas of our potential customers, whose experience will be useful in the set of functionality. For example, this is how we refined the billing system to understand the client how and what his budget is spent on, the ability to publicly disclose hacker reports to attract attention to the program and platform.
The amount of payment for an individual error starts from 5,000 rubles and can reach 400,000 or more. At the same time, the price for the implementation of unacceptable events can be ten times more.
Cyberpolygon expects that 10-15 public bug bounty programs will appear on the platform in one or two months and the same number of private ones. The number of “white hackers” on it will be up to 2.5 thousand, the company plans. The maximum amount of remuneration for a critical vulnerability in one of the programs that will appear on the platform in April is 3 million rubles.