On March 1, 2023, Standoff 365, the largest Russian bug bounty platform, launched a public program to look for vulnerabilities in its own systems. It’s a way to openly verify that its services are properly protected and show concern for the security of its clients. The Standoff 365 bug bounty is an open program with a reward of 1 million rubles for finding the most dangerous vulnerabilities.
In Q4 2022, the number of hacker attacks on IT companies increased by 18%. The IT sector was very nearly among the top three most attacked industries. Attackers often target IT companies as, once inside, they can launch further attacks on the company’s customers—users of the products and services.
"Launching our own bug bounty program is a serious step in the development of Standoff. The platform contains a lot of data that is important for us and our clients, so the program will help us to strengthen our security and prepare the development team to quickly change processes, finding and fixing bugs at an early stage. We want to show everyone by our own example that bug bounty programs are nothing to be scared of and that the operation of services is not negatively impacted by bug hunters searching for vulnerabilities," said Anatoly Ivanov, Head of Standoff 365 Bug Bounty Development.
During the Standoff 365 bug bounty program, researchers will have access to all the subdomains of the platform’s website (standoff365.com), including the authorization (auth.standoff365.com), bug bounty (bugbounty.standoff365.com) and cyberrange (range.standoff365.com) domains. The ethical hackers will be rewarded depending on the severity of the vulnerabilities they find: 1 million rubles for the most critical bugs, 250 thousand rubles for less severe but still dangerous ones, and 50 thousand and 15 thousand rubles for medium- and low-risk bugs, respectively. The next step in the program’s development will be to launch a bug bounty initiative in which hackers attempt to trigger unacceptable events, with rewards of up to 2 million rubles. The platform will also offer other types of rewards, such as merchandise and invitations to events, to motivate researchers.
The Standoff 365 Bug Bounty platform (bugbounty.standoff365.com) was launched by Positive Technologies in May 2022. Since then, 1,200 reports have been received from bug hunters, more than 900 vulnerabilities have been found, and the total rewards paid have already exceeded 14 million rubles. In terms of the number of participants and programs, Standoff 365 Bug Bounty has become the leader among domestic competitors: 4,000 people have registered and 44 programs have been launched. The platform also offers unique opportunities for participation: researchers can not only find vulnerabilities, but also discover unacceptable event scenarios.