Vedomosti: Russian government will pay 800 million rubles for finding vulnerabilities in IT systems

Vedomosti: Russian government will pay 800 million rubles for finding vulnerabilities in IT systems

The Russian authorities invited researchers to search for vulnerabilities in IT systems, including the state, the newspaper “Vedomosti” with reference to the government approved action plan on information security in the framework of the digital economy.

According to the document, before the end of 2020 for these purposes will allocate 500 million rubles from the budget and 300 million roubles of extrabudgetary funds. Tracking vulnerabilities should start already in April. For the project meet the Ministry of communications, the FSB and the Federal service for technical and export control. The contractor was selected as a Centre of excellence for import substitution in the field of information and communication technologies.

Director of the center for Ilya massukh told the newspaper that the test will be how the Russian state IT systems and IT products of domestic and foreign vendors.

Developed two test models: the first will be chosen by the customer finding vulnerability, which will offer their system to the test and can give access to it. The second model testing and without notifying the developer of the system. Funds between these two models will be distributed approximately 75% to 25%, said Mr. Massukh.

He added that the testing will allow individuals and companies. In this part of the test will be available only for the companies, as these tests may require access to infrastructure systems.

Discovered vulnerability, depending on their nature, will either publish after their elimination, or to keep secret from all but the vendor or the owner of the IT system.

One of the sources of “Vedomosti” in charge of a registered security research, admitted that the found vulnerabilities “will find some secret use.”

The representative of the Ministry of communications are not told what they would do with the discovered vulnerabilities and will test products to overseas vendors.