Director of Strategy and Development of Axiom JDK Technologies

Post by tanjimajuha20

Zecurion Deputy CEO Alexander Kovalev believes that bug bounty is useful, but it is necessary to divide software and equipment into different categories: "Firstly, there is criticality - its relation to critical information infrastructure, to personal data, that is, how important this software and equipment is - what will happen if it is hacked. Secondly, there is certification, for example, FSTEC, and it makes sense to link them together, because some of the requirements that are there allow you to prevent a number of possible attacks. It is also worth keeping in mind that small vendors at an early stage of their development will not always have the opportunity to record many bugs and vulnerabilities that they find. Here such a moment arises: bugs will be found, but they will not have time to technically record them, ratings will be low, sales will fall, and this will be a vicious circle that slows down the development of the company. I believe that this should still be voluntary, so that the people who are responsible for this are interested in sending their developments there and receiving some more interesting opportunities for improvements. The rating is not very good, but the status that it has been verified is already a better idea."

"Bellsoft", Head of the Information Security Committee of ARPP "Domestic Software" Roman Karpov recommends starting work with the rating of state information systems (GIS): "It is no secret that when building them, contractors and departments operating the systems neglect the basic rules of IT hygiene, record the software versions on which the GIS is built and do not update them, including security updates, justifying this by the operation of systems in a "closed circuit". For products based on open source projects (subject to compliance with IT hygiene), there are no pitfalls. But for proprietary systems or systems with limited access, the program can highlight a number of existing problems. In general, it is unlikely that preferences should be given for a bug bounty. In itself, if a manufacturer has such a program, it shows a high level of maturity of the solution."