VK has launched a bug bounty program on The Standoff 365 Bug Bounty, a platform developed by Positive Technologies for uncovering vulnerabilities. A bug bounty program offers rewards to outside researchers for discovering and reporting security flaws before attackers can find and exploit them.
The VK bug bounty consists of over 40 projects. Rewards range from $100 to $30,000, depending on the severity level of reported vulnerabilities.
VK was one of the first companies in Russia to offer rewards to external researchers for reporting vulnerabilities. Since 2013, the company has received over 15,000 bug bounty reports and used them to fix vulnerabilities and strengthen the protection of users' personal data. In total, the company has paid out more than $3 million in bug bounties.
Alexey Volkov, Vice President and Director for Information Security at VK, said: "The security of our customers and their trust in VK services have always been a priority for us. We use various tools to strengthen our cybersecurity defenses, and we have long taken advantage of bug bounty programs to test the quality of our services. This method has a real practical benefit. In the last six months, the number of cyberattacks in Russia has increased manifold, and we are happy to see Russian companies launching their own bug bounty platforms. By introducing our bug bounty program on The Standoff 365, we will boost VK's ability to identify vulnerabilities and fix them as quickly as possible."
Yaroslav Babin, CPO of The Standoff 365, commented: "It takes courage for a company to bring in outside cybersecurity experts. But that's exactly the right way for companies to get a reliable and objective assessment of their security, so they can eliminate vulnerabilities in their IT infrastructure before the bad guys find them and cause irreparable damage. Launching a bug bounty program means thinking in the long term. It's a sign that a company is open and cares about the security of its customers' personal data. The mere fact that you have a bounty program makes people trust you more. We are happy to welcome VK on our platform, and we look forward to continued cybersecurity cooperation with such an experienced bug bounty organizer."
Positive Technologies announced the launch of The Standoff 365 Bug Bounty platform at PHDays 11 in May this year. Security researchers working on the platform will be rewarded for identifying vulnerabilities and also for demonstrating ways in which they can be exploited. 1600 researchers have already registered for The Standoff 365 Bug Bounty and submitted 49 vulnerability reports, with the first report being sent 60 just minutes after the platform was launched. Positive Technologies and Russian supermarket chain Azbuka Vkusa were the first companies to host their bug bounty programs on the platform.
The creators of The Standoff 365 Bug Bounty expect that 10 to 20 organizations will add their bug bounties to the platform in 2022. By 2025, that number may exceed 100.