Yandex will allocate about 100 million rubles to reward “white hat” hackers
CrimeaPRESS reports:
Yandex is actively developing its work with “white hat” hackers; in 2023, it paid such specialists 70 million rubles to search for vulnerabilities in services and infrastructure. This year, 100 million rubles will be allocated for these purposes.
Yandex plans to pay ethical hackers about 100 million rubles in 2024. We are talking about participants in the Bug Hunting program — this is Yandex’s ongoing program to reward those who understand computer security, find vulnerabilities in the company’s products and report them for a reward.
In 2023, Yandex paid Bug Hunt participants 70 million rubles – almost twice as much as the year before. The company explained that they began to pay increased rewards for found vulnerabilities, and several competitions were also held to find specific types of errors, in which rewards can increase 10 times compared to regular payments.
At the same time, Yandex sees a specific benefit from holding such competitions — they help to increase the number of reports and focus the attention of “white hat” hackers on the most important security areas for the company. For example, one of these competitions was held specifically to search for vulnerabilities that could lead to data leaks.
We are interested in growing the Bug Hunt audience, as this is an important part of testing our services for strength. The bug hunter community consists of strong developers, researchers, and security specialists. For them, finding vulnerabilities is an opportunity to use their skills and strengthen the security of the services they use every day. For us — additional help in strengthening the protection of our services and user data, as well as the opportunity to evaluate the security of services with an independent view,” noted Yandex product security team leader Ivan Chalykin.
In total, 528 researchers took part in the Yandex bughunter program in 2023, they sent 736 bug reports that complied with the program rules. For 378 unique and first-time findings, the researchers received payments, and all critical errors were corrected. Moreover, you can participate in the program more than once — for example, one of the ethical hackers earned 17 million rubles by sending 41 unique reports.
In 2023 alone, Russian specialists repelled more than 65 thousand cyber attacks on critical information infrastructure. The numbers are very impressive, and they continue to grow, as do companies’ concerns about vulnerabilities that they cannot identify without the help of external specialists, notes Anton Nemkin, a member of the State Duma Committee on Information Policy, Information Technologies and Communications.
Despite the obvious benefits that the work of “white hat” hackers brings, today they are in a vulnerable position from the point of view of Russian legislation. This is very strange, because work to protect the digital circuit should be proactive, and not as a reaction to events that have already happened. This is especially important now when it comes to protecting key government systems and services in the face of unprecedented external attacks, the active phase of which will continue throughout the year in connection with the holding of Presidential elections in our country, — says the deputy.
That is why the State Duma is already working on bills that should make the work of “white hat” hackers in Russia easier and bring it out of the shadows.
One of them, proposing amendments to the Civil Code, regulates the possibility of testing the security of systems without violating the copyrights of their creators and owners. It has already been submitted to the State Duma. Now the second bill is ready for introduction — it proposes to amend Article 16 of the Federal Law “On Information, Information Technologies and Information Protection”. We propose at the legislative level to establish the ability of the owner of information, the operator of the information system, under conditions determined by him, to carry out measures to identify vulnerabilities of the information system, including with the involvement of specialists who are not his employees. In general, in Russia there are certain risks for the work of “white” hackers, which we are trying to mitigate with our bills. I am sure that when they come into force, the popularity of “white hat” hackers will increase exponentiallyNemkin explained.
We live in a world in which information is an important aspect of society, and protecting the country’s information field is an important mechanism for the operation of all systems. White hat hackers can be a powerful tool in providing this protection if we allow them to use all their skills for the good of the country.
source: press service of the Russian State Duma deputy Anton Nemkin
Crimea news | CrimeaPRESS: latest news and main events
Comments are closed.