Igor Lyapunov, the vice-president of Rostelecom on information security, told that the platform will function similarly to the HackerOne resource. The company was one of the first to attract hackers to cooperate. Twitter, Slack, Adobe, Yahoo! and other major resources work with it. HackerOne pays specialists for the bugs found. The project will be implemented on the basis of the National Cyber Polygon created by Rostelecom.
“Participation in vulnerability search programs is a really correct and useful practice, which allows detecting weaknesses in protection in time,” Lyapunov stressed, adding that banks have to use HackerOne for the same purposes one way or another.
Experts believe that the Russian analog of the platform will increase the security of the Russian banking infrastructure. It will provide access to the expertise of white hat hackers for companies that have legal difficulties using a foreign platform.
Tinkoff bank already uses such a platform, and several more Russian banks are planning to use their services in the future.
Nevertheless, experts pointed to the weak control of methods and tools. According to them, the reward always remains only a formal reason for participating in the research, while the real cost of the vulnerabilities found can be significantly higher on the black market. So, hackers may subsequently resell tools for hacking infrastructure.
The expert of the Jet Infosystems company does not see any risks in the use of foreign platforms by Russian banks, because each of them has rules and companies set restrictions for researchers. According to him, if the platform for white hat hackers is launched on the basis of the Russian National Cyberpolygon, Russian banks will trust this platform more.
