The Bug Bounty program has been running for 10 years
The VK company (formerly Mail.ru Group) shared the results of the program for searching for vulnerabilities (Bug Bounty) over the past 10 years. VK launched its own Bug Bounty program on the HackerOne platform in April 2014.
The first project was Mail.ru Mail, later social networks VKontakte were added. and «Odnoklassniki». During the entire period of cooperation with HackerOne, VK received more than 16 thousand reports, which made it possible to significantly strengthen the protection of the company’s products. The total amount of payments exceeded 185 million rubles, and the maximum reward for a critical vulnerability reached 1.5 million rubles.
In 2022, VK placed the Bug Bounty program on the Standoff365 and BI.ZONE Bug Bounty platforms, at the beginning of 2023 — on BugBounty.ru, becoming the first company in Russia represented on all domestic platforms.
During its work with Russian partners, the company processed over 2.5 thousand reports and paid external security researchers more than 52 million rubles. In 2023, the total remuneration exceeded 39 million rubles – three times more than in 2022, and the maximum lump sum payment amounted to 2.4 million rubles.
In total, VK processed over 18 thousand reports from researchers and experts and paid out more than 236 million rubles over the 10 years of existence of the Bug Bounty program for searching for vulnerabilities.