Developers: | BI.Zone (Safe Information Zone, Bison) |
Date of the premiere of the system: | 2022/08/25 |
Last Release Date: | 2023/11/02 |
Branches: | Internet services, Information security |
Main article: Bughunters. Bug bounty. Vulnerability scanning
2024
Placement of the program of the Ministry of Energy, Industry and Communications of the Stavropol Territory
The Ministry of Energy, Industry and Communications of the Stavropol Territory invited Bughunters. Bug bounty. Vulnerability scanning|white hackers to check the Portal of State and Municipal Services of the Stavropol Territory for vulnerabilities and receive remuneration for the identified problems. BI.Zone announced this on December 5, 2024.
Baghunters will look for weaknesses in the cyber protection of the resource on the BI.ZONE Bug Bounty platform. This is an online platform where organizations host programs and receive reports on detected vulnerabilities. At the same time, baghunters choose programs that are interesting for themselves, look for shortcomings and receive a monetary reward for confirmed bugs.
In the Stavropol Territory, 100% of mass socially significant public services are translated into electronic form. Through the Portal of State and Municipal Services of the Stavropol Territory, local government agencies and institutions provide municipal services, including in the field of social protection of the population, education, housing relations, as well as urban planning.
The level of digitalization of the economy and social sphere of the Stavropol Territory reached 73%. This indicator consists of an assessment of the transformation of different industries: public transport, education, health care, public administration, urban economy, construction and others.
{{quote 'author=said Ivan Kovalev, Minister of Energy, Industry and Communications of the Stavropol Territory.|It is fundamentally important for us that visiting state online resources and receiving services here is convenient, quick and high-quality for residents of Stavropol. Therefore, we initiated this project and invite [[[hackers|white hackers]] to cooperate. Including such cooperation in the future will strengthen the protection of portals, }}
Шаблон:Quote 'author=noted Andrey Levkin, BI.ZONE Bug Bounty Product Manager.
Placement of the program of the government of the Tula region
Independent researchers on the BI.ZONE Bug Bounty platform will assess the level of security of three state information systems. Bughunters. Bug bounty. Vulnerability scanning|Baghunters will be able to look for vulnerabilities on the official websites of the government, the Ministry of Digital Development and Communications, as well as on the portal of the corporate university of the government of the Tula region. The reward will depend on the criticality of the vulnerabilities found. BI.Zone announced this on November 28, 2024.
{{quote 'author=said Vitaly Prokudin, Minister of Digital Development and Communications of the Tula Region. | Every day we record and repel hundreds of cyber attacks, which is why it is so important to detect and eliminate existing vulnerabilities in a timely manner. We run a bagbounty program to independently check the security of our information resources. Our main goal is to ensure the availability of our services and the protection of citizens' data,}}
Шаблон:Quote 'author=noted Andrey Levkin, BI.ZONE Bug Bounty Product Manager.
Launch of the program of the government of the Leningrad region
Leningrad region launches a new stage of the project to search for vulnerabilities. BI.Zone announced this on October 14, 2024.
Independent researchers will be able to assess the level of security of three state information systems on the BI.ZONE Bug Bounty platform.
As part of the program, Bughunters. Bug bounty. Vulnerability scanning|baghunters will be able to look for vulnerabilities on the official website of the Administration of the Leningrad Region, as well as on the information portals "Modern Education of the Leningrad Region" and "Wildlife of the Leningrad Region."
The reward for the discovered vulnerability will depend on the level of its criticality and can reach 150 thousand rubles. The second stage of the bagbount program of the Leningrad Region will last until December 2024.
The field systematically develops tools for ensuring cybersecurity of the e-government infrastructure. We hope that the involvement of independent researchers in the study of potential vulnerabilities in the region's digital systems will increase resistance to current cyber threats and take countermeasures in time, thereby strengthening the protective potential, "said Andrei Sytnik, Chairman of the Digital Development Committee of the Leningrad Region. |
We are pleased that more organizations are not only running programs on our platform, but also expanding them. The second stage of the bagbount program of the Leningrad Region will increase the level of security of several more official information resources of the region. The joint work of baghunters and specialists of the Leningrad region will allow you to constantly receive information about the vulnerabilities of the external perimeter, quickly fix them and prevent their exploitation by intruders, - said Andrey Lyovkin, head of the BI.ZONE Bug Bounty product. |
During the first stage, baghunters checked the level of security of several state information systems, including the "Budget Process Management of the Leningrad Region," "Modern Education of the Leningrad Region," the Portal of State and Municipal Services of the Leningrad Region.
Launch of the program of the government of the Nizhny Novgorod region
White hackers will assess the vulnerability of the website of the government of the Nizhny Novgorod region. BI.Zone announced this on September 30, 2024.
The Nizhny Novgorod region is the fourth constituent entity of the Russian Federation to launch a program on BI.ZONE Bug Bounty.
As part of the program, independent security researchers will be able to check the level of security of the official information portal of the regional cabinet.
Thousands of citizens visit the website of the Nizhny Novgorod government every day. It contains a lot of information useful for Nizhny Novgorod, so it should not only be as convenient as possible, but also as protected as possible. Since 2022, the portal has been subjected to regular cyber attacks. There were no successful attempts for attackers, and it is important to maintain this trend, "said Yegor Polyakov, deputy governor of the Nizhny Novgorod region, head of the regional cybersecurity headquarters. |
We are taking a step into the digital future - we are attracting so-called white hackers to search for vulnerabilities in the state portal. Their task is to find possible entry points for attackers. According to the results of the researchers, our specialists will be able to strengthen the protection of the portal, - said the Minister of Digital Development and Communications of the Nizhny Novgorod Region Alexander Sinelobov. |
Launch of SOGAZ program
SOGAZ launches a program to find potential vulnerabilities on the BI.ZONE Bug Bounty platform. BI.Zone announced this on September 30, 2024.
Independent researchers will receive a reward for vulnerabilities found in online services and on the company's websites.
Independent security researchers will be able to test the security of SOGAZ sites and receive rewards when potential threats are detected. The amount of payment will depend on the level of criticality of the identified risk.
The goal of the program is to improve cybersecurity tools and increase the resilience of the company's information systems to attacks.
The program involves 14 sites and online services of the company, including an official website, a client's personal account, an online service for submitting requests for customers.
Шаблон:Quote 'author=said Mikhail Ilyin, Deputy Chairman of the Board of SOGAZ.
Launch of the program by the public sector of the Volgograd region
The Volgograd region is the third constituent entity of the Russian Federation to launch a program on BI.ZONE Bug Bounty. BI.Zone announced this on September 23, 2024.
As part of the program, independent security researchers will be able to check the level of security of information resources of the executive authorities of the Volgograd region.
The amount of reward for baghunters will depend on the criticality of the discovered vulnerabilities.
Шаблон:Quote 'author=said Sergey Barykin, deputy director of GBU VO "CIT VO."
Шаблон:Quote 'author=noted Andrey Levkin, BI.ZONE Bug Bounty Product Manager.
Launch of three Sberbank programs
Sber runs three search programs on BI.ZONE Bug Bounty. vulnerabilities This was BI.Zone (Safe Information Zone, Bison) announced on August 22, 2024.
Independent researchers will be able to receive up to 500 thousand rubles for the detected bugs.
The services of the Sberbank ecosystem throughout Russia are used by more than 100 million customers, and the monthly audience of SberBank Online - more than 82 million users. The company strives to provide the best user experience and security of digital services, so it launches programs to find vulnerabilities in three resources:
- Sberbank's official website,
- SberBank Online,
- SberInvestment.
In online banking, researchers will be able to look for bugs:
- in web and mobile versions of SberBank Online for iOS and Android;
- online bank messenger;
- Sber ID is a service for logging into sites and ecosystem applications.
In SberInvestment, baghunters are invited to explore a web and mobile application.
Шаблон:Quote 'author=said Sergey Krainov, Head of Cybersecurity Expertise Department, Sberbank. Шаблон:Quote 'author=noted Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, BI.ZONE.
Run VMmanager Vulnerability Detection Program
ISPsystem will place its IT own solution on the BI.ZONE Bug Bounty platform to create a fault-tolerant environment. virtualizations VMmanager This was BI.Zone announced on July 25, 2024.
Bughunters. Bug bounty. Vulnerability scanning will check the security of the virtualization platform, and BI.ZONE will receive and analyze reports. The white payment to hackers for the found vulnerability can reach 100,000, and rubles its size will depend on the level of criticality.
{{quote 'author=said Pavel Guralnik, CEO, ISPsystem. | The VMmanager platform has already established itself as a reliable solution for managing virtual machines. Going to BI.ZONE Bug Bounty confirms our continued commitment to ensuring reliable protection of information systems. This program also encourages collective efforts to strengthen the security of information systems at all levels, making our partnership even more valuable,}}
Citidriva Program Placement
Citidrive suggested that independent researchers check the security of his resources. Launching a public program on BI.ZONE Bug Bounty will increase the company's cybersecurity. BI.Zone announced this on July 22, 2024. Read more here.
Placement of SberFactoring program
SberFactoring invites independent cybersecurity researchers to check the security of their resources on the BI.ZONE Bug Bounty platform. The program covers the company's website, as well as the client's personal account. The reward for a confirmed vulnerability depends on the level of its criticality. BI.Zone announced this on January 31, 2024.
We are a leader in the factoring market and actively use the latest solutions to make services for our customers faster and more convenient. The introduction of new technologies can also carry new risks, so our large team makes daily efforts to ensure uninterrupted and safe operation of resources. Placing the program on BI.ZONE Bug Bounty is an opportunity once again, now with the help of third-party specialists, to make sure that SberFactoring and our clients' data are protected to the maximum, "said Andrey Glushak, Information Technology Director, SberFactoring. |
Bughunters. Bug bounty. Vulnerability scanning|Bagbounty allows organizations to explore potential vulnerabilities in their IT systems with the help of a large number of independent researchers. We are confident that cooperation will help SberFactoring in supporting the continuity of security processes, as well as increase resistance to current cyber threats, "said Yevgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, BI.ZONE. |
2023
Placement of the Bank Home program
Home Bank invites independent cybersecurity researchers registered on the BI.ZONEBug Bounty platform to check the security of their information systems. The public program covers the domains of home.bank, homecredit.ru, as well as the Internet bank and mobile application. The amount of remuneration depends on the criticality of the discovered vulnerabilities and can reach 200,000 rubles. The bank announced this on November 2, 2023.
Ensuring the safe and smooth operation of our services is a key priority in the work. bank We regularly analyze the security of our systems both on our own and with the involvement of external specialized companies. In addition to this, we are launching a program for searching for vulnerabilities in public mode so that all interested baghaners help us become even more secure and provide the maximum possible level data protection and funds of our clients, - said the Director of the Information Security Department of Home Bank. Nikolay Klendar |
According to world statistics, financial institutions are among the most active users of baghunter services. The trend is also characteristic of Russia: according to BI.ZONE Bug Bounty, 37% of the demand for baghunting falls on companies from the financial sector. Organizations with a high level of digitalization are trying new vulnerability detection tools because they are interested in maximum comprehensive protection. The launch of Home Bank's bagbounty program speaks of mature processes and a serious approach to ensuring the safe uninterrupted functioning of digital services, "said Evgeny Voloshin, Director of Security Analysis and Fraud Prevention, Director of Strategy at BI.ZONE. |
Running a program to search for operating systems vulnerabilities on BI.Zone BugBounty
Astra Group of Companies, a Russian developer of operating systems, on August 24, 2023 announced the launch of a program to search for operating systems vulnerabilities on BI.ZONE BugBounty.
The operating system Astra Linux Special Edition will be checked. Within the framework of the partnership with BI.ZONE, Astra will place a public program with cash payments on the platform. The company will pay independent researchers for the implementation of unacceptable events within the system with the author's access delimitation mechanism, as well as with a functioning closed-loop software environment. BI.ZONE, for its part, will provide baghunters with access to the program, reception and processing of reports, and, when confirming the vulnerability, will pay a reward. Depending on the level of criticality of the vulnerability, the amount of payment can reach 250,000 rubles, and vulnerabilities of the "criticacal" category will be considered on an individual basis.
The Astra Group of Companies is confident that bagbounty can bring more significant results than the classic security analysis.
We are ready to pay not just for the errors found, but for the implementation of unacceptable events. This is an approach that almost no one has practiced in Russia yet. Our company has deployed secure development processes; at the same time, it is important for us to identify problems that can lead to negative consequences in the customer's infrastructure. I am sure that this will positively affect the reputation of Astra Group of Companies as a mature developer confident in the reliability and safety of its software, stated Ilya Sivtsev, General Director of Astra Group of Companies.
|
Astra Group plans to extend the current program to other security subsystems and products. For everyone - both professionals and enthusiasts in the field of cybersecurity - Astra will publish a special constantly updated OS image with completed security settings, the effectiveness testing of which is especially interesting for developers.
The emergence on our platform of a program that aims to search for vulnerabilities in operating systems is a big step for us. We are pleased to partner with an experienced developer whose solutions are effectively used in organizations with high standards of information protection. The opening of its bagbounty program will help Astra continue to maintain a high resistance to constantly developing and changing cyber threats, noted Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, BI.ZONE.
|
BI.ZONE BugBounty connects organizations and independent security researchers. Companies place vulnerability search programs on the platform that involve baghunters. They receive rewards from program owners for vulnerabilities found. This approach allows you to involve a wide range of specialists in finding weaknesses in the security system.
Import substitution of "white hackers." The main trends of Bug Bounty in Russia have been identified
The pioneers in the use of bug bounty were large companies from the financial sector, retail, IT. Now both medium and even small businesses come to the conclusion that this is an effective security analysis tool . This trend is noted in BI.Zone, which on August 24, 2023 summed up the work of its BI.Zone Bug Bounty platform for the year. Read more here.
Placement of SberAvto program
The service for choosing, buying and selling cars SberAvto will pay for Bughunters. Bug bounty. Vulnerability scanning the discovered. vulnerabilities SberAvto announced this on July 4, 2023.
The program on BI.ZONE Bug Bounty will cover the sberauto.com website, the web services of all. subdomains sberauto.com and "" mobile application SberAvto on the platform. Android Depending on the criticality of the threat, the reward for confirmed vulnerabilities will be up to 250,000. rubles
{{quote 'author=said Kirill Ilyin, Director of the Security Department, SberAvto. | In 2020, the SberAvto team launched a service that made it possible to implement elements of the process of buying and selling cars online. Over the past year, our audience has grown multiple times, and we feel even more responsible for customer safety. Bagbounty for us is first of all openness, attention data protection to and concern for the future of the company. We are confident that together with the researchers we will increase the security of SberAvto guarantee users security data,}}
Bagbounty programs ensure business continuity of security processes. The company gains access to an unlimited number of researchers, each with its own approach to finding vulnerabilities. Combining the efforts of full-time specialists and baghunters allows you to cover the entire range of threats, which is constantly growing and changing. Thanks to its bagbounty program, SberAvto will increase its resistance to modern advanced threats and strengthen the protection of users' personal data, noted Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention at BI.ZONE.
|
Inclusion in the register of domestic software
At the end Ministry of Digital Development, Communications and Mass Media of the Russian Federation register of domestic software of March 2023, BI.ZONE Bug Bounty registered in. The platform is now officially among the products that companies state with participation can use. The company BI.Zone announced this on May 18, 2023.
Bagbounty programs are one of the most effective ways to detect vulnerabilities in companies' cybersecurity. Both business and the state are interested in their development.
BI.ZONE Bug Bounty brings together independent researchers and organizations. The platform also works with the program of the Ministry of Digital Development, Communications and Mass Media (Ministry of Digital Development of the Russian Federation). With BI.ZONE Bug Bounty, companies learn how secure their external infrastructure is, and baghunters are rewarded for vulnerabilities found. This is one of the first such sites in Russia. After the departure of foreign vendors, many independent researchers became its regular users.
The platform also helps businesses if difficulties arise during the launch of bagbounty programs. BI.ZONE Bug Bounty takes over payments, registration of cooperation, and also simplifies the search for baghunters. In addition, if necessary, BI.ZONE experts check the vulnerabilities found, freeing up the company's resources for other tasks.
The entry of BI.ZONE Bug Bounty into the register of the Ministry of Digital Development is an important event for us. This opens up additional possibilities for using the platform. Now we are ready to help even more organizations. We believe that our solution will make the business safer and more reliable, said Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, Director of Strategy BI.ZONE.
|
Placement of "Sound" program
Sound will pay independent baghunters from the BI.ZONE Bug Bounty platform to detect potential security vulnerabilities in products and technology solutions as part of a running program. This was announced on April 26, 2023 by BI.Zone.
The search for bugs will occur in the audio service application Sound and its web versions after large-scale updates, as well as in two domains of the service for the development of artists and podcasters STUDIO. The reward will be up to 50,000 rubles.
The Sound initiative to create its own bagbounty program is associated with the intensive development of the service and is dictated by the need to test the strength of products in order to improve the security system. The bagbounty program will allow experienced researchers to check products for weaknesses and vulnerabilities. For example, identify potential flaws in user authorization and authentication mechanisms that allow unauthorized access to confidential information and application functions.
The reward for independent experts directly depends on the vulnerability found, the difficulty of detecting it and the potential damage.
{{quote 'author=said Alexander Korzhov, director of the information security department of HiFi streaming Sound. | User data protection is the number one priority. We are actively developing services, creating new products and constantly growing, so we need a fresh look and expertise from independent professionals. Security is paramount, so we are willing to pay anyone who finds potential weaknesses in our defense through a joint program with the BI.ZONE Bug Bounty platform. This practice has already proven itself to be effective, and we have high hopes for cooperation with baghunters,}}
Timeweb Placement
Provider Timeweb will pay independent researchers for those found. vulnerabilities This was announced on April 13, 2023 by the company. BI.Zone
The Timeweb group of companies is using BI.ZONE to launch a public bagbounty program to check the security of services and products. Independent researchers will receive from 10,000 to 250,000 rubles, depending on the criticality of the vulnerabilities found.
{{quote 'author=said Andrey Bashirov, CEO of Timeweb Group of Companies.|The security of our services is our key priority, we always attract good cybersecurity specialists and cooperate with bagbounty platforms. And we are glad that the guys from BI.ZONE have become our partners in this direction. The public program, which we posted on the BI.ZONE Bug Bounty platform, provides an opportunity to join the audit of our systems to a new expert community and strengthen the continuous coverage of our services with new security research. }}
Placement of SberMarket program
The online product delivery service SberMarket has posted a public program to search for vulnerabilities on the BI.ZONE Bug Bounty platform. SberMarket will pay a fee for potential vulnerabilities found in its online services. BI.Zone announced this on March 21, 2023.
Under the bagbounty program, any user is invited to check the security of the company's website and mobile application. As a reward, baghunters will receive up to 250,000 rubles, depending on the criticality of the vulnerabilities found.
The security of the site and mobile application is one of the main priorities of SberMarket, so the service continues to focus on protecting user data, operations, payments and other functions important to the client.
Dmitry Bobylev, Vice President for Technology, SberMarket
Bagbounty is a new market for Russia, it is rapidly gaining momentum. More companies are looking to increase security with the help of independent researchers. Experts of the advanced online service "SberMarket" understand the importance of cyber defense. We are pleased that the company has come to our platform for infrastructure verification.
BI.ZONE Bug Bounty links companies and baghunters. The business platform helps to increase the security of IT assets by helping to launch bagbounty programs. It is more comfortable for baghunters to conduct security research: report vulnerabilities without fear of criminal prosecution, choose baghbounty programs according to their interests and receive remuneration without organizational interference, said Evgeny Voloshin, Director of the Department of Security Analysis and Fraud Prevention, Director of Strategy, BI.ZONE.
|
Placement of the Tinkoff program
January 20, 2023 Tinkoff Bank launched a public program to find errors vulnerabilities and in its services for a reward on the BI.ZONE Bug Bounty platform. Any security researchers from and can participate in it. Russia This was countries EEU bank announced on January 20, 2023.
As part of the bug bounty program, "white hackers" will look for security gaps on sites and mobile applications of the main business areas and services of Tinkoff Bank, Tinkoff Investments, Tinkoff Business, Tinkoff Insurance and others.
In the scope of the program, only technical vulnerabilities. At the same time, the amount of remuneration depends on the criticality of both the vulnerability itself and the system in which it was discovered. The maximum payment at the time of launch of the program is 150,000 ₽.
Baghunters, if desired, can refuse remuneration in favor of charity. In this case, Tinkoff will increase the amount of payment 5 times and send it to one of the charitable foundations at the discretion of the researcher. The list of funds is indicated in the Tinkoff appendix in the Charity section. All awards unclaimed during the year will also be sent in favor of proven funds.
{{quote 'author=said Dmitry Gadar, director of Tinkoff's information security department. | We are excited to join the BI.ZONE Bug Bounty platform and launch our public program. Our ecosystem is developing rapidly, and we apply global practices of secure development, regularly conduct external audits of the security of our applications. In addition, to confirm the high level of protection of millions of our customers, we are ready to use the experience of a large audience of researchers in this area, as large companies around the world do,}}
Tinkoff has been developing its own bug bounty program for many years, both in private and in public formats at various venues.
Banking financial and sectors are at the top of the list. and their attacked hackers industries Data protection customers "money is a priority for players in this market. By posting a public program, Tinkoff makes the right choice, because bug bounty programs have proven themselves around the world. Their number is growing annually, and the vulnerabilities found are in the tens of thousands, noted Evgeny Voloshin, Strategy Director, Director of Security Analysis and Fraud Prevention at BI.ZONE.
|
2022
Ozon Placement
Ozon invites Bughunters. Bug bounty. Vulnerability scanning|baghunters to check the security of the company's website, accounting systems, career portal and buyer's mobile applications. Independent researchers will receive a reward of 5,000 to 100,000 ₽ for confirmed vulnerabilities. This was announced on December 19, 2022 by BI.Zone.
In 2020, Ozon was already launching a public bug bounty program on a foreign platform.
Over the past two years, Ozon's business priorities cyber security have remained the same, and the need for product security and stability has only increased over this period. Bug bounty is an integral part of security Internet services, so we have been actively working to resume the program. We will be glad to the baghunters with whom we have already worked, and we hope to see more new faces in our community! - said Timofey Chernykh, head of the Ozon product safety group. |
BI.ZONE Bug Bounty is a hub linking business and independent security researchers. On the platform, organizations place vulnerability search programs for baghunters. This approach allows you to attract a large circle of specialists to search for weaknesses in the business security system.
Going to the bug bounty of a brand like Ozon speaks to the growth of a mature approach to cybersecurity issues. The culture of the relationship between business and independent researchers is changing for the better. We are glad to contribute to this process and are confident that we will help Ozon strengthen the security of infrastructure, "said Evgeny Voloshin, Strategy Director, Director of Security Analysis and Fraud Prevention at BI.ZONE. |
Avito Placement
On the platform BI.ZONE Bug Bounty , "" Avito launched a public bug bounty program. It is proposed to check the security of all web mobile applications and company, as well as any available applications and services posted on. subdomains avito.ru. Baghunters will receive from 5,000 to 350,000 rubles , depending on the criticality of those found. vulnerabilities BI.Zone announced this on November 30, 2022.
Bug bounty is one of the most important and useful processes in product development, ensuring its safety. With the help of BI.ZONE Bug Bounty, we want to establish constant interaction with the community of baghunters to study our systems for security and further increase the level of portal security, "said Valentin Lyakutin, head of product security at Avito. |
"Avito" first used bug bounty in 2018. The company placed a private program on one of the foreign platforms. Until the spring of 2022, the Avito team managed to launch the monetization of this program and try another one, combining public and private mechanisms to achieve the best result.
The placement of the bug bounty program "Avito" suggests that the company takes care of its customers and seeks to increase their security. She understands that safety is a competitive quality, so she pays special attention to this. When creating BI.ZONE Bug Bounty, we took into account this and other expectations of the business, which previously placed programs on foreign sites. Therefore, our platform implements the most popular and high-quality market practices. "Avito," launching the program with us, will receive a versatile security check from independent researchers in Russia and the CIS, - said Evgeny Voloshin, director of strategy at BI.ZONE. |
BI.ZONE Bug Bounty links companies and baghunters. The business platform helps to increase the security of IT assets by helping to launch bug bounty programs. Baghunters are more comfortable conducting security research: reporting vulnerabilities without fear of criminal prosecution, choosing bug bounty programs according to their interests and receiving remuneration without organizational interference.
VK Program Placement
VK has placed its bug bounty program on the BI.ZONE Bug Bounty platform. BI.Zone announced this on November 21, 2022. The VK program for November 2022 includes 27 projects: VKontakte, Odnoklassniki, Mail.Ru Mail and many others. If vulnerabilities are identified, security researchers will receive rewards from the company from 3 thousand rubles to 1.8 million rubles, depending on the level of criticality of the threat.
Expanding the list of professional bug bounty platforms with which we cooperate further strengthens the security of VK services and increases user confidence in them. We are grateful to our colleagues from BI.ZONE Bug Bounty for placing our program on their platform and are confident that by working together, we will only speed up the process of finding vulnerabilities and quickly fixing them, - said the vice president, director of information security at VK Aleksei Volkov. |
VK will place 27 projects with various infrastructure and services on our BI.ZONE Bug Bounty platform. We are pleased that VK has decided to further check the security of its services using our platform. I am sure this will become a multifaceted and interesting experience for all independent researchers who want to try their hand at this program, "said Evgeny Voloshin, Strategy Director of BI.ZONE. |
Announcement of BI.Zone Bug Bounty
On August 25, 2022, BI.Zone introduced the BI.Zone Bug Bounty platform, on which more than 300 baghunters were pre-registered. Avito will be the first company to host its public bug bounty program.
According to the company, BI.ZONE Bug Bounty is a hub between companies and independent researchers. On the platform, organizations host vulnerability search programs that involve baghunters.
Bug bounty programs have already proven effective in the global market. Their number over the past three years has grown by a third around the world, and in 2021, baghunters discovered more than 70 thousand valid vulnerabilities. If earlier only large organizations could afford bug bounty, in August 2022, a business of any scale can launch such a program. The emergence of the Russian platform makes participation in the bug bounty even more accessible. told Evgeny Voloshin, director of the BI.ZONE expert services block |
The business platform helps optimize cyber resilience and collaborate with independent researchers. It will also allow companies to launch public or private testing with optimal conditions and rewards, attract experts with different approaches, and also remove the routine of verifying information the vulnerabilities received.
The platform allows Baghunters to legally inform companies about vulnerabilities, receive rewards for this and choose the most convenient options for crediting funds. Also, researchers will take into account the rating accumulated on international platforms.
BI.ZONE experts will assist in resolving controversial issues between companies and researchers. Also, the BI.ZONE team plans to develop communities of baghunters.
One of the main principles that we focused on when creating the platform is the transparency and convenience of interaction between the company and independent researchers. Therefore, the development was carried out by the guys who used to be baghunters themselves. Researchers will receive tools to work with reports and will accept payments from companies in any way. told Evgeny Voloshin, director of the BI.ZONE expert services block |
The company announced it was launching a public bug bounty program for the platform itself. The company will pay independent researchers up to 300,000 rubles, depending on the criticality and likelihood of exploiting the discovered vulnerability.