According to Alexey Shelobkov, Managing Director and Partne

[tanjimajuha20]

eputy Minister of Digital Development, Communications and Mass Media Alexander Shoitov, in his speech at the section "Sustainability in the BANI World: Obstacles, Strategies and Opportunities" during the SOC Forum-2023, called the problem of auditing the security of information systems, including state (GIS), extremely acute and at the same time not having a clear solution. It will be especially important, as the deputy head of the relevant department emphasized, to conduct such an audit for companies that are engaged in the maintenance and support of GIS, since they have become the main weak link through which attacks and penetrations occur.

According to Alexander Shoitov, the best tool has proven to be a reward program for searching vulnerabilities (Bug Bounty), but they should be voluntary for participants. Shortly before the start of the conference, on November 8, 2023, the Ministry of Digital Development expanded the Bug Bounty program from one service to nine, but, according to sources of the Kommersant publication, the federal government does not have the financial and human resources to expand this program to other departments and their contractors.


r of JSC "GC Yadro" (YADRO), Bug luxembourg whatsapp number database Bounty is an important element of the company's information security strategy. According to him, this program is carried out on an ongoing basis and helps to find vulnerabilities at a minimum level of costs. The main result, as Alexey Shelobkov emphasized, is an increase in trust both in the company itself and in its products, which increases its competitiveness. In his opinion, such programs are most useful for fast-growing companies, such as YADRO, whose numbers have quadrupled over the past two years.

As noted by the head of the Innostage service department, Ekaterina Syurtukova, Bug Bounty, unlike penetration testing, is a continuous security enhancement tool that takes security to a new level. She reminded that Bug Bounty participants receive payment for the result - a detected vulnerability, and not for the penetration testing itself, which, moreover, is carried out according to a standard scenario and often does not include non-standard attacks, such as those related to physical penetration into the territory, or not quite typical ones - for example, business e-mail compromatoin.

Read also
Fraudsters are massively using fake accounts of regulator executives in messengers
The heads of large companies and government agencies have begun to be deceived on behalf of the Central Bank, the regulator told Izvestia. To do this, fraudsters create fake accounts of heads of regional branches of the Bank of Russia.

Maxim Akimov, Head of the Cyber ​​Threat Counteraction Center at Innostage CyberART, emphasized the high importance of Bug Bounty programs for companies that are increasing not only the number of personnel, but also the number of products. In such conditions, according to him, Bug Bounty becomes a useful tool for restructuring the process of developing new services and increasing trust in them on the part of potential customers.