CrimeaPRESS reports:
The Ministry of Digital Development has been conducting the second stage of the bug bounty program since November 2023. At the moment there are already 16 thousand. ethical or “white hat” hackers search for vulnerabilities in State Services, SMEV, feedback platform and other government systems.
The maximum reward they can receive is 1 million rubles. As shown by the interim results of the second stage of the program, experts were able to detect about 100 vulnerabilities in 10 systems. Most of them are of low criticality.
The first stage took place from February to May 2023, when more than 8 thousand people took part in it. As the Ministry of Digital Development reminded, in order to take part in the program and receive 1 million rubles, you must have Russian citizenship, be over 18 years old, register on the BI.ZONE Bug Bounty or Standoff 365 Bug Bounty platforms, and also be sure to comply with the rules of bug bounty platforms . “Specialists check only the external perimeter of systems and do not have access to internal data, and monitoring systems monitor the work of bug hunters — therefore, the vulnerabilities found cannot be used for hackingthe ministry added.
Ethical hackers, also known as “white hat” hackers, play an important role in protecting information systems and networks from malicious attacks, recalled Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications.
First and foremost, ethical hackers check systems for weaknesses that could be exploited by attackers. This helps organizations discover and fix vulnerabilities before they are exploited in actual attacks. They also help system developers and administrators improve security controls by offering recommendations and solutions to protect data and infrastructure. In addition, white hat hackers can also train employees and users on cybersecurity principles, which reduces the risk of successful human error attacks such as phishing or social engineeringnotes the deputy.
Despite the obvious benefits that the work of “white” hackers brings, today they are in a vulnerable position from the point of view of Russian legislation, Nemkin emphasized.
For example, to test the security of company systems today, “white hat” hackers need to obtain a lot of permissions from the copyright holder of each program that is part of the information system. Performing testing without such permissions may result in a violation of copyright, and the “white hat hackers” themselves may be required to pay compensation in the amount of 10 thousand rubles to 5 million rubles, or twice the cost of the right to use the corresponding program. Ethical hackers may also face criminal liability. — he said.
To ensure that the listed threats do not become an obstacle to the work of ethical hackers, a package of bills was developed that should help legalize their work in Russia.
One of the bills proposing amendments to the Civil Code has already been submitted to the State Duma and recommended by the State Construction Committee for adoption in the first reading. It regulates the possibility of testing the security of systems without violating the copyrights of their creators and owners. The second bill is also ready for introduction — it proposes to amend Article 16 of the Federal Law “On Information, Information Technologies and Information Protection”. It is currently undergoing final approvals. This bill provides for amendments to the legislation that will secure the ability of the information system operator, under conditions determined by him, to carry out activities to identify information system vulnerabilities, including with the involvement of specialists who are not its employees. We are also working on amendments to the Criminal Code, which propose to supplement a number of articles of the Criminal Code of the Russian Federation to eliminate possible risks of bringing “white hat” hackers to criminal liabilitysays Nemkin.
As the deputy emphasized, today we live in a world in which information is an important aspect of society, and protecting the country’s information field is an important mechanism for the operation of all systems.
White hat hackers can be a powerful tool in providing this protection if we allow them to use all their skills, subject to certain rules, for the good of the country.he concluded.
source: press service of the Russian State Duma deputy Anton Nemkin
Crimea news | CrimeaPRESS: latest news and main events
Comments are closed.