Standoff 365 will pay researchers 1 million rubles for vulnerabilities in its own services
The Standoff 365 bug bounty program will be available to all researchers, and the reward for the most dangerous vulnerabilities will be 1 million rubles.
On March 1, 2023, Standoff 365, the largest Russian bug bounty platform, launched its own public program for finding vulnerabilities. With it, the platform is ready to openly confirm the security of its services and demonstrate its concern for the security of its customers.
In the fourth quarter of 2022, the number of hacker attacks on IT companies increased by 18%. The IT sector has come close to the top three in the list of the most attacked industries. Attackers are interested in IT companies because compromising them opens the way for further attacks on their customers, the users of their products and services.
“Launching our own vulnerability scan program is a serious step in the development of Standoff. The platform contains a lot of data that is important for us and our customers, so the launch of a bug bounty will increase protection and prepare the development team to quickly change processes, find and fix bugs at an early stage. We are ready to show everyone by our own example that bug bounty is not scary and that the search for vulnerabilities by bug hunters does not have a negative impact on the operation of services,” said Anatoly Ivanov, head of Standoff 365 Bug Bounty development.
As part of the Standoff 365 bug bounty program, researchers will have access to all subdomains of the platform website, standoff365.com, including the authorization (auth.standoff365.com), bug bounty (bugbounty.standoff365.com) and cyber range (range.standoff365.com) domains. The reward for ethical hackers depends on the severity of the vulnerability found: 1 million rubles for the critical level, 250 thousand rubles for the high level, 50 thousand rubles for the medium level and 15 thousand rubles for the low level.
The next step in the development of the program will be the launch of a bug bounty aimed at triggering unacceptable events, and an increase in payments to bug hunters up to 2 million rubles. In addition, to motivate researchers, the platform is ready to offer other incentives, including merchandise and invitations to events.
Standoff 365 Bug Bounty was launched by Positive Technologies in May 2022. Since then, 1,200 reports have been received from bug hunters, more than 900 vulnerabilities have been found, and the amount of rewards paid has already exceeded 14 million rubles. In terms of the number of participants and programs, Standoff 365 Bug Bounty has become the leader among its domestic counterparts: 4,000 people have registered and 44 programs have been launched. The platform also offers a unique participation format: it lets researchers not only find vulnerabilities but also explore scenarios for triggering unacceptable events.