The Yandex team announced the relaunch of the Ethical Hackers program.
“Bug Hunt” has been working for almost ten years and since 2012 Yandex has transferred more than 30 million rubles to the program participants – computer security specialists who find vulnerabilities in the company’s products.
Now Yandex is increasing payments – for reporting an error, you can get up to 750 thousand rubles. Vulnerabilities that allow potential attackers to make so-called injection — that is, execute their code on the server — are rated highest.
In addition, Bug Hunting is in two directions: the first is Yandex infrastructure, services and applications, and the second is Yandex Browser. For each direction, Yandex has developed a detailed classification of vulnerabilities. From it, “hunters” can find out what types of errors are of interest to Yandex in the first place and what kind of reward is due for them.
It is also noted that the mini-investigation of the found error will now be carried out faster, it is carried out by the security engineers on duty together with the service team in which the error was found.
Another innovation is that the program has launched its own support service, where “hunters” can answer various questions, for example, what data must be provided in order to receive a reward, or what to do if the transfer does not come.