
BI.Zone Bug Bounty

Product
Developers: BI.Zone (Safe Information Zone, Bison)
Date of the premiere of the system: 2022/08/25
Last Release Date: 2023/11/02
Branches: Internet services, Information security

Main article: Bughunters. Bug bounty. Vulnerability scanning

2023

Placement of the Home Bank program

Home Bank invites independent cybersecurity researchers registered on the BI.ZONE Bug Bounty platform to check the security of its information systems. The public program covers the domains home.bank and homecredit.ru, as well as the Internet bank and mobile application. The amount of remuneration depends on the criticality of the discovered vulnerabilities and can reach 200,000 rubles. The bank announced this on November 2, 2023.

"Ensuring the safe and smooth operation of our services is a key priority in the bank's work. We regularly analyze the security of our systems both on our own and with the involvement of external specialized companies. In addition to this, we are launching a program for searching for vulnerabilities in public mode so that all interested bug hunters help us become even more secure and provide the maximum possible level of protection of our clients' data and funds," said Nikolay Klendar, Director of the Information Security Department of Home Bank.

"According to world statistics, financial institutions are among the most active users of bug hunter services. The trend is also characteristic of Russia: according to BI.ZONE Bug Bounty, 37% of the demand for bug hunting falls on companies from the financial sector. Organizations with a high level of digitalization are trying new vulnerability detection tools because they are interested in maximum comprehensive protection. The launch of Home Bank's bug bounty program speaks of mature processes and a serious approach to ensuring the safe uninterrupted functioning of digital services," said Evgeny Voloshin, Director of Security Analysis and Fraud Prevention, Director of Strategy at BI.ZONE.

Running a program to search for operating system vulnerabilities on BI.ZONE BugBounty

Astra Group of Companies, a Russian developer of operating systems, on August 24, 2023 announced the launch of a program to search for operating system vulnerabilities on BI.ZONE BugBounty.

The operating system Astra Linux Special Edition will be checked. Within the framework of the partnership with BI.ZONE, Astra will place a public program with cash payments on the platform. The company will pay independent researchers for the implementation of unacceptable events within the system with the author's access delimitation mechanism, as well as with a functioning closed-loop software environment. BI.ZONE, for its part, will provide bug hunters with access to the program, receive and process reports, and, when a vulnerability is confirmed, pay a reward. Depending on the level of criticality of the vulnerability, the amount of payment can reach 250,000 rubles, and vulnerabilities of the "critical" category will be considered on an individual basis.

The Astra Group of Companies is confident that bug bounty can bring more significant results than the classic security analysis.

"We are ready to pay not just for the errors found, but for the implementation of unacceptable events. This is an approach that almost no one has practiced in Russia yet. Our company has deployed secure development processes; at the same time, it is important for us to identify problems that can lead to negative consequences in the customer's infrastructure. I am sure that this will positively affect the reputation of Astra Group of Companies as a mature developer confident in the reliability and safety of its software," stated Ilya Sivtsev, General Director of Astra Group of Companies.

Astra Group plans to extend the current program to other security subsystems and products. For everyone - both professionals and enthusiasts in the field of cybersecurity - Astra will publish a special constantly updated OS image with completed security settings, the effectiveness testing of which is especially interesting for developers.

"The emergence on our platform of a program that aims to search for vulnerabilities in operating systems is a big step for us. We are pleased to partner with an experienced developer whose solutions are effectively used in organizations with high standards of information protection. The opening of its bug bounty program will help Astra continue to maintain a high resistance to constantly developing and changing cyber threats," noted Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, BI.ZONE.

BI.ZONE BugBounty connects organizations and independent security researchers. Companies place vulnerability search programs on the platform that involve bug hunters. Bug hunters receive rewards from program owners for vulnerabilities found. This approach allows you to involve a wide range of specialists in finding weaknesses in the security system.

Import substitution of "white hackers." The main trends of Bug Bounty in Russia have been identified

The pioneers in the use of bug bounty were large companies from the financial sector, retail and IT. Now both medium and even small businesses are coming to the conclusion that this is an effective security analysis tool. This trend is noted by BI.Zone, which on August 24, 2023 summed up the work of its BI.Zone Bug Bounty platform for the year.

Placement of SberAvto program

SberAvto, a service for choosing, buying and selling cars, will pay bug hunters for discovered vulnerabilities. SberAvto announced this on July 4, 2023.

The program on BI.ZONE Bug Bounty will cover the sberauto.com website, the web services of all sberauto.com subdomains and the SberAvto mobile application on the Android platform. Depending on the criticality of the threat, the reward for confirmed vulnerabilities will be up to 250,000 rubles.

"In 2020, the SberAvto team launched a service that made it possible to implement elements of the process of buying and selling cars online. Over the past year, our audience has grown multiple times, and we feel even more responsible for customer safety. Bug bounty for us is first of all openness, attention to data protection and concern for the future of the company. We are confident that together with the researchers we will increase the security of SberAvto and guarantee the security of users' data," said Kirill Ilyin, Director of the Security Department, SberAvto.

"Bug bounty programs ensure business continuity of security processes. The company gains access to an unlimited number of researchers, each with its own approach to finding vulnerabilities. Combining the efforts of full-time specialists and bug hunters allows you to cover the entire range of threats, which is constantly growing and changing. Thanks to its bug bounty program, SberAvto will increase its resistance to modern advanced threats and strengthen the protection of users' personal data," noted Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention at BI.ZONE.

Inclusion in the register of domestic software

At the end of March 2023, BI.ZONE Bug Bounty was entered in the register of domestic software of the Ministry of Digital Development, Communications and Mass Media of the Russian Federation. The platform is now officially among the products that companies with state participation can use. BI.Zone announced this on May 18, 2023.

Bug bounty programs are one of the most effective ways to detect vulnerabilities in companies' cybersecurity. Both business and the state are interested in their development.

BI.ZONE Bug Bounty brings together independent researchers and organizations. The platform also works with the program of the Ministry of Digital Development, Communications and Mass Media (Ministry of Digital Development of the Russian Federation). With BI.ZONE Bug Bounty, companies learn how secure their external infrastructure is, and bug hunters are rewarded for vulnerabilities found. This is one of the first such sites in Russia. After the departure of foreign vendors, many independent researchers became its regular users.

The platform also helps businesses if difficulties arise during the launch of bug bounty programs. BI.ZONE Bug Bounty takes over payments, registration of cooperation, and also simplifies the search for bug hunters. In addition, if necessary, BI.ZONE experts check the vulnerabilities found, freeing up the company's resources for other tasks.

"The entry of BI.ZONE Bug Bounty into the register of the Ministry of Digital Development is an important event for us. This opens up additional possibilities for using the platform. Now we are ready to help even more organizations. We believe that our solution will make the business safer and more reliable," said Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, Director of Strategy at BI.ZONE.

Placement of "Sound" program

Sound will pay independent bug hunters from the BI.ZONE Bug Bounty platform for detecting potential security vulnerabilities in its products and technology solutions as part of a running program. This was announced on April 26, 2023 by BI.Zone.

The search for bugs will occur in the audio service application Sound and its web versions after large-scale updates, as well as in two domains of the service for the development of artists and podcasters STUDIO. The reward will be up to 50,000 rubles.

The Sound initiative to create its own bug bounty program is associated with the intensive development of the service and is dictated by the need to test the strength of products in order to improve the security system. The bug bounty program will allow experienced researchers to check products for weaknesses and vulnerabilities, for example, to identify potential flaws in user authorization and authentication mechanisms that allow unauthorized access to confidential information and application functions.

The reward for independent experts directly depends on the vulnerability found, the difficulty of detecting it and the potential damage.

"User data protection is the number one priority. We are actively developing services, creating new products and constantly growing, so we need a fresh look and expertise from independent professionals. Security is paramount, so we are willing to pay anyone who finds potential weaknesses in our defense through a joint program with the BI.ZONE Bug Bounty platform. This practice has already proven itself to be effective, and we have high hopes for cooperation with bug hunters," said Alexander Korzhov, director of the information security department of HiFi streaming Sound.

Timeweb Placement

The provider Timeweb will pay independent researchers for vulnerabilities found. BI.Zone announced this on April 13, 2023.

The Timeweb group of companies is using BI.ZONE to launch a public bug bounty program to check the security of services and products. Independent researchers will receive from 10,000 to 250,000 rubles, depending on the criticality of the vulnerabilities found.

"The security of our services is our key priority, we always attract good cybersecurity specialists and cooperate with bug bounty platforms. And we are glad that the guys from BI.ZONE have become our partners in this direction. The public program, which we posted on the BI.ZONE Bug Bounty platform, gives a new expert community an opportunity to join the audit of our systems and strengthens the continuous coverage of our services with new security research," said Andrey Bashirov, CEO of Timeweb Group of Companies.

Placement of SberMarket program

The online product delivery service SberMarket has posted a public program to search for vulnerabilities on the BI.ZONE Bug Bounty platform. SberMarket will pay a fee for potential vulnerabilities found in its online services. BI.Zone announced this on March 21, 2023.

Under the bug bounty program, any user is invited to check the security of the company's website and mobile application. As a reward, bug hunters will receive up to 250,000 rubles, depending on the criticality of the vulnerabilities found.

The security of the site and mobile application is one of the main priorities of SberMarket, so the service continues to focus on protecting user data, operations, payments and other functions important to the client.

Dmitry Bobylev, Vice President for Technology, SberMarket

Bug bounty is a new market for Russia, it is rapidly gaining momentum. More companies are looking to increase security with the help of independent researchers. Experts of the advanced online service "SberMarket" understand the importance of cyber defense. We are pleased that the company has come to our platform for infrastructure verification.

"BI.ZONE Bug Bounty links companies and bug hunters. The business platform helps to increase the security of IT assets by helping to launch bug bounty programs. It is more comfortable for bug hunters to conduct security research: report vulnerabilities without fear of criminal prosecution, choose bug bounty programs according to their interests and receive remuneration without organizational interference," said Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, Director of Strategy, BI.ZONE.

Placement of the Tinkoff program

On January 20, 2023, Tinkoff Bank launched a public program to find errors and vulnerabilities in its services for a reward on the BI.ZONE Bug Bounty platform. Any security researchers from Russia and EEU countries can participate in it. The bank announced this on January 20, 2023.

As part of the bug bounty program, "white hackers" will look for security gaps on sites and mobile applications of the main business areas and services of Tinkoff Bank, Tinkoff Investments, Tinkoff Business, Tinkoff Insurance and others.

Only technical vulnerabilities are in the scope of the program. At the same time, the amount of remuneration depends on the criticality of both the vulnerability itself and the system in which it was discovered. The maximum payment at the time of launch of the program is 150,000 ₽.

Bug hunters, if desired, can refuse remuneration in favor of charity. In this case, Tinkoff will increase the amount of payment 5 times and send it to one of the charitable foundations at the discretion of the researcher. The list of funds is indicated in the Tinkoff appendix in the Charity section. All awards unclaimed during the year will also be sent in favor of proven funds.

"We are excited to join the BI.ZONE Bug Bounty platform and launch our public program. Our ecosystem is developing rapidly, and we apply global practices of secure development, regularly conduct external audits of the security of our applications. In addition, to confirm the high level of protection of millions of our customers, we are ready to use the experience of a large audience of researchers in this area, as large companies around the world do," said Dmitry Gadar, director of Tinkoff's information security department.

Tinkoff has been developing its own bug bounty program for many years, both in private and in public formats at various venues.

"The banking and financial sectors are at the top of the list of industries attacked by hackers. Protection of customers' data and money is a priority for players in this market. By posting a public program, Tinkoff makes the right choice, because bug bounty programs have proven themselves around the world. Their number is growing annually, and the vulnerabilities found are in the tens of thousands," noted Evgeny Voloshin, Strategy Director, Director of Security Analysis and Fraud Prevention at BI.ZONE.

2022

Ozon Placement

Ozon invites bug hunters to check the security of the company's website, accounting systems, career portal and buyer's mobile applications. Independent researchers will receive a reward of 5,000 to 100,000 ₽ for confirmed vulnerabilities. This was announced on December 19, 2022 by BI.Zone.

In 2020, Ozon had already launched a public bug bounty program on a foreign platform.

"Over the past two years, Ozon's business priorities in cybersecurity have remained the same, and the need for product security and stability has only increased over this period. Bug bounty is an integral part of the security of Internet services, so we have been actively working to resume the program. We will be glad to see the bug hunters with whom we have already worked, and we hope to see more new faces in our community!" said Timofey Chernykh, head of the Ozon product safety group.

BI.ZONE Bug Bounty is a hub linking business and independent security researchers. On the platform, organizations place vulnerability search programs for bug hunters. This approach allows you to attract a large circle of specialists to search for weaknesses in the business security system.

"Going to the bug bounty of a brand like Ozon speaks to the growth of a mature approach to cybersecurity issues. The culture of the relationship between business and independent researchers is changing for the better. We are glad to contribute to this process and are confident that we will help Ozon strengthen the security of infrastructure," said Evgeny Voloshin, Strategy Director, Director of Security Analysis and Fraud Prevention at BI.ZONE.

Avito Placement

Avito launched a public bug bounty program on the BI.ZONE Bug Bounty platform. It is proposed to check the security of all the company's web and mobile applications, as well as any available applications and services hosted on avito.ru subdomains. Bug hunters will receive from 5,000 to 350,000 rubles, depending on the criticality of the vulnerabilities found. BI.Zone announced this on November 30, 2022.

"Bug bounty is one of the most important and useful processes in product development, ensuring its safety. With the help of BI.ZONE Bug Bounty, we want to establish constant interaction with the community of bug hunters to study our systems for security and further increase the level of portal security," said Valentin Lyakutin, head of product security at Avito.

"Avito" first used bug bounty in 2018. The company placed a private program on one of the foreign platforms. Until the spring of 2022, the Avito team managed to launch the monetization of this program and try another one, combining public and private mechanisms to achieve the best result.

"The placement of the bug bounty program "Avito" suggests that the company takes care of its customers and seeks to increase their security. It understands that safety is a competitive quality, so it pays special attention to this. When creating BI.ZONE Bug Bounty, we took into account this and other expectations of the business, which previously placed programs on foreign sites. Therefore, our platform implements the most popular and high-quality market practices. "Avito," launching the program with us, will receive a versatile security check from independent researchers in Russia and the CIS," said Evgeny Voloshin, director of strategy at BI.ZONE.

BI.ZONE Bug Bounty links companies and bug hunters. The business platform helps to increase the security of IT assets by helping to launch bug bounty programs. Bug hunters are more comfortable conducting security research: reporting vulnerabilities without fear of criminal prosecution, choosing bug bounty programs according to their interests and receiving remuneration without organizational interference.

VK Program Placement

VK has placed its bug bounty program on the BI.ZONE Bug Bounty platform. BI.Zone announced this on November 21, 2022. The VK program for November 2022 includes 27 projects: VKontakte, Odnoklassniki, Mail.Ru Mail and many others. If vulnerabilities are identified, security researchers will receive rewards from the company from 3 thousand rubles to 1.8 million rubles, depending on the level of criticality of the threat.

"Expanding the list of professional bug bounty platforms with which we cooperate further strengthens the security of VK services and increases user confidence in them. We are grateful to our colleagues from BI.ZONE Bug Bounty for placing our program on their platform and are confident that by working together, we will only speed up the process of finding vulnerabilities and quickly fixing them," said Aleksei Volkov, vice president, director of information security at VK.

"VK will place 27 projects with various infrastructure and services on our BI.ZONE Bug Bounty platform. We are pleased that VK has decided to further check the security of its services using our platform. I am sure this will become a multifaceted and interesting experience for all independent researchers who want to try their hand at this program," said Evgeny Voloshin, Strategy Director of BI.ZONE.

Announcement of BI.Zone Bug Bounty

On August 25, 2022, BI.Zone introduced the BI.Zone Bug Bounty platform, on which more than 300 bug hunters were pre-registered. Avito will be the first company to host its public bug bounty program.

According to the company, BI.ZONE Bug Bounty is a hub between companies and independent researchers. On the platform, organizations host vulnerability search programs that involve bug hunters.

"Bug bounty programs have already proven effective in the global market. Their number over the past three years has grown by a third around the world, and in 2021, bug hunters discovered more than 70 thousand valid vulnerabilities. If earlier only large organizations could afford bug bounty, in August 2022, a business of any scale can launch such a program. The emergence of the Russian platform makes participation in the bug bounty even more accessible," said Evgeny Voloshin, director of the BI.ZONE expert services block.

The business platform helps optimize cyber resilience and collaborate with independent researchers. It will also allow companies to launch public or private testing with optimal conditions and rewards, attract experts with different approaches, and also remove the routine of verifying the vulnerability information received.

The platform allows bug hunters to legally inform companies about vulnerabilities, receive rewards for this and choose the most convenient options for crediting funds. Also, the rating researchers have accumulated on international platforms will be taken into account.

BI.ZONE experts will assist in resolving controversial issues between companies and researchers. Also, the BI.ZONE team plans to develop communities of bug hunters.

"One of the main principles that we focused on when creating the platform is the transparency and convenience of interaction between the company and independent researchers. Therefore, the development was carried out by the guys who used to be bug hunters themselves. Researchers will receive tools to work with reports and will accept payments from companies in any way," said Evgeny Voloshin, director of the BI.ZONE expert services block.

The company announced it was launching a public bug bounty program for the platform itself. The company will pay independent researchers up to 300,000 rubles, depending on the criticality and likelihood of exploiting the discovered vulnerability.