Main article: White hackers
2024: Work to create a registry
In Russia, a digital register of white hackers is being created - specialists who check the security of IT systems of public and private companies. This became known in August 2024. As part of this project, it is planned to certify such specialists in order to legalize their activities and improve the protection of critical information infrastructure. The discussion of the initiative takes place at the level of the Federation Council, the FSB, the Ministry of Internal Affairs and information security (information security) companies.
According to Vedomosti, the issue of creating a register and certification of white hackers was discussed at a closed meeting of representatives of departments and information security companies in August 2024. This initiative is related to the draft law being developed, which introduces the concept of "white hacker" into the legal field and regulates the conditions of their work, including participation in bug bounty programs - searching for vulnerabilities in software for a reward. The bill also amends the Civil Code and the Criminal Code of the Russian Federation regarding access to computer information.
The initial version of the bill was submitted to the State Duma in December 2023, but by August 21, 2024, it had not yet reached its first reading. The issue of legalizing white hackers remains debatable. Earlier, the FSB, FSTEC and other law enforcement agencies opposed this idea, fearing that attackers could hide behind contracts for testing systems and avoid punishment. Despite this, the development of the bill continued as part of an initiative to develop the digital economy.
Vulnerability testing in Russian companies is carried out under contracts with customers or public offers for bug bounty. Positive Technologies, VK, Ozon and other companies have already joined such programs. According to one of the sources, the bug bounty program for the Public services portal, sponsored by Rostelecom, in May 2023 revealed 34 vulnerabilities, for each of which hackers were paid remuneration in the range from ₽10 thousand to ₽350 thousand.[1]
Notes
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |