Thursday, May 26, 2016

Communications Ministry plans to attract hackers to find vulnerabilities in domestic software – NEWSru.com

The Ministry of Communications wants to attract hackers to find vulnerabilities in software entered in the register of domestic software, the newspaper “Izvestia” reports.

“One of the promising directions of state activity in the field of information security must be coordinating the development of security recommendations and of regulations for testing methods of reacting to cyber threats, including the possible introduction of bug bounty searches for software vulnerabilities. We are working on the possibility of using this international principle for products included in the register of domestic software, and for other objects used, for example, in APCS (automated process control systems) and other critical infrastructure,” Deputy Communications Minister Alexei Sokolov told the publication.

A so-called bug bounty is a competition format in which hackers receive rewards for finding vulnerabilities in websites or in particular software. Many companies actively run such competitions. For example, last year the social network “VKontakte” paid hackers more than 70 thousand dollars for vulnerabilities they found, and the results of the first public bug bounty were recently summed up at the Pentagon.

The press service of the Ministry of Communications also commented on the idea of attracting hackers to improve domestic software. Ministry officials said that the ministry is discussing the possibility of applying this approach with the industry community.

“The initiative is also supported by a number of large state-owned companies and the private sector. The use of a system of grants to individuals and organizations to encourage research into detecting vulnerabilities is, judging by international experience, an effective additional measure for the information security of software products. Expenditure of the federal budget for these purposes, as well as the involvement of other public resources, is not planned,” the agency said in a statement.

According to Dmitry Kuznetsov, director of methodology and standardization at Positive Technologies, the Russian software market has long been characterized by an attitude of “disregard” toward code quality. Later, the situation began to change in the banking sector, where annual losses from hacker attacks began to run into billions of rubles. But in other areas the picture remains dismal. The import substitution process, in which developers have an interest in getting their software into the registry of domestic software, may change this: for example, if the requirements placed on developers include an obligation to demonstrate the quality of their products by means of bug bounty programs.

At the same time, Kuznetsov said that holding a bug bounty involves technical and organizational difficulties. For instance, a developer cannot always make a distribution of the program available for research. In addition, the professional level of some companies that create software may not be enough to adequately assess hackers' reports on the vulnerabilities found.

“There are many such difficulties, and running bug bounty programs today is the prerogative of the major software companies. The situation can be changed by combining the efforts of major interested consumers, such as those same banks and natural monopolies, as well as the developers themselves and other stakeholders, and creating a single platform for such research,” said Kuznetsov.
