Ministry of Communications will pay Russian hackers
The ministry is going to open a bug bounty program to search for vulnerabilities in domestic software
The Ministry of Communications and Mass Media of the Russian Federation is going to adopt the standard practice of Western companies and launch a program of rewards for discovered vulnerabilities. Hackers will be paid for finding bugs in software that is included in the registry of domestic software, and not only there.
“We are working on the possibility of using this international principle both for products included in the domestic software registry and for other facilities used, for example, in automated process control systems and other critical infrastructures,” said Deputy Minister of Communications Alexey Sokolov in a comment to the newspaper Izvestia.
No final decision on the bug bounty program or the size of the rewards has been made yet, but it is clear that the rewards will be paid in Russian rubles.
Hackers will not get a penny from the state budget. The Ministry of Communications will only coordinate the program, and funding will be provided by large commercial companies.
“The initiative is also supported by a number of large companies with state participation and the private sector,” the press service of the Ministry of Communications and Mass Media said. “Using a system of grants for individuals and organizations to stimulate research in the field of vulnerability detection is, according to world experience, an effective additional measure to ensure the information security of software products. Expenditures of the federal budget for these purposes, as well as the attraction of other state resources, are not planned.”
The Ministry of Communications is now discussing the idea with the community, and the first comments have already come in. For example, the head of ALT Linux, Alexei Smirnov, noted that the registry of domestic software contains software like the school program “Geography, 7th grade”, and “checking it through such systems would be absurd”. That is, the degree of protection that each program should have needs to be specified.
In general, Russia is in a paradoxical situation. The country has the best hackers in the world, who create the most professional and sophisticated hacking tools (which even the FBI admits), yet at the same time the quality of commercial programs is exceptionally low. Import substitution programs can only exacerbate the situation, because competition for Russian companies is weakened and the incentive to create a better product is lost.
“The main problem lies in the fact that the Russian software market has long been characterized by a ‘care-free’ attitude to the quality of the program code,” says Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies. “The situation began to change in the banking sector, when the annual losses from hacker attacks began to amount to billions of rubles. But in other areas the situation remains deplorable. It can be changed by import substitution processes in which developers are interested in having their software in the domestic software registry.”