RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2
2024/08/21 15:39:21

White Hacker Registry

Main article: White hackers

2024: Work to create a registry

In Russia, a digital register of white hackers is being created - specialists who check the security of IT systems of public and private companies. This became known in August 2024. As part of this project, it is planned to certify such specialists in order to legalize their activities and improve the protection of critical information infrastructure. The discussion of the initiative takes place at the level of the Federation Council, the FSB, the Ministry of Internal Affairs and information security (information security) companies.

According to Vedomosti, the issue of creating a register and certification of white hackers was discussed at a closed meeting of representatives of departments and information security companies in August 2024. This initiative is related to the draft law being developed, which introduces the concept of "white hacker" into the legal field and regulates the conditions of their work, including participation in bug bounty programs - searching for vulnerabilities in software for a reward. The bill also amends the Civil Code and the Criminal Code of the Russian Federation regarding access to computer information.

A digital register of white hackers is being created in Russia

The initial version of the bill was submitted to the State Duma in December 2023, but by August 21, 2024, it had not yet reached its first reading. The issue of legalizing white hackers remains debatable. Earlier, the FSB, FSTEC and other law enforcement agencies opposed this idea, fearing that attackers could hide behind contracts for testing systems and avoid punishment. Despite this, the development of the bill continued as part of an initiative to develop the digital economy.

Vulnerability testing in Russian companies is carried out under contracts with customers or public offers for bug bounty. Positive Technologies, VK, Ozon and other companies have already joined such programs. According to one of the sources, the bug bounty program for the Public services portal, sponsored by Rostelecom, in May 2023 revealed 34 vulnerabilities, for each of which hackers were paid remuneration in the range from ₽10 thousand to ₽350 thousand.[1]

Notes