The maximum payment was 500 thousand rubles
The Ministry of Digital Development has summed up the interim results of the second stage of the program for searching for vulnerabilities in government systems. The second stage of «bugbounty» has been carried out since November 2023, already 16 thousand specialists are looking for vulnerabilities in State Services, in the System of Interdepartmental Electronic Interaction (SMEV), feedback platform and other systems. For comparison, in the first stage of such a program, which took place from February to May 2023, there were half as many participants — 8 thousand.
Currently, about 100 vulnerabilities have been discovered in 10 government systems. Most of them — with a low degree of criticality, notes the Ministry of Digital Development. The maximum payment for a found vulnerability was 500 thousand rubles, and the maximum reward was set at 1 million rubles. The department reported that specialists check only the external perimeter of systems and do not have access to internal data, and monitoring systems monitor the work of bug hunters — therefore, the vulnerabilities found cannot be used for hacking.