Successful completion of the project to search for vulnerabilities on the State Services of Russia portal: 8,000 specialists protected public services
The largest payment was 350 thousand rubles.
The project to find and eliminate vulnerabilities on the portal of public services in Russia (Gosuslugi) was completed successfully. Over the three months of the program’s operation, more than 8,000 security specialists have tested the platform for errors and threats. For the problems they found, they received cash rewards and souvenirs with the symbols of the project.
The largest payout for a critical vulnerability was 350,000 rubles, and the smallest was 10,000 rubles for a minor error. A total of 34 problems of varying severity were identified, most of which did not pose a great danger to users and data.
Testing was carried out on specialized platforms BI.ZONE Bug Bounty and Standoff 365, which allow you to safely and effectively organize the search for vulnerabilities in various systems. Representatives of the Ministry of Digital Development of Russia said they plan to continue the Gosuslug bugbounty and expand it to other departments.
The project to search for vulnerabilities in the State Services was not the first such initiative of the Russian Ministry of Digital Development. Previously, the agency conducted a bugbounty on the Standoff 365 platform for its minsvyaz.ru website and the EGAIS portal. The Russian Ministry of Digital Development also participated in the organization of the Standoff Cyber League esports tournament, where teams of hackers and defenders competed in attacking and protecting real IT infrastructures.
The State Services Portal is a single site for receiving various public services in electronic form. On it you can apply for a passport, get a certificate of income, make an appointment with a doctor and much more. The portal has a mobile application for iOS and Android.