World’s largest bug bounty of $650,000 announced

Positive Technologies is constantly refining its approach to result-driven cybersecurity: as part of the bug bounty program Positive Dream Hunting, security researchers from around the world can attempt to trigger two non-tolerable events. The first person who can inject malicious code into the company’s products or steal money from its accounts will be rewarded with more than $650,000. 

Over the past two years, Russian companies have been hit by a record number of cyberattacks. Many companies started implementing result-driven cybersecurity by identifying and verifying non-tolerable events, monitoring key and target systems, conducting regular cyber exercises, and participating in bug bounty programs. Middle Eastern countries, where companies and critical infrastructure are increasingly being hit by cyberattacks, 83% of which are targeted, can also put the Positive Technologies experience to use.

Alexey Novikov, Head of the PT Expert Security Center at Positive Technologies, said: “Launching a bug bounty program focused on non-tolerable events is the only way for a company’s CISO and senior management to test the effectiveness of its security systems.”

Positive Technologies was the first in the industry to dare to change the rules and goals of bug bounty programs by starting to engage independent security researchers to analyze how non-tolerable events can be triggered. In November 2022, the Standoff 365 platform hosted a bug bounty program in which participants were challenged to steal money from corporate accounts—a true non-tolerable event for Positive Technologies. With the help of payment agents, Standoff 365 can pay rewards to researchers in different currencies in Russia and abroad.

Positive Technologies expects other organizations, especially those with mature cybersecurity processes, to follow suit in 2024. Companies have started to take a keen interest in analyzing scenarios of non-tolerable events; the number of bug bounty programs has also increased.

At the Standoff 12 cyber exercises in November 2023, Positive Technologies re-created part of its real infrastructure, including software development, build, and delivery processes, in order to test whether it was possible to introduce malicious code into its products. Participants of the cyberbattle tried and failed to introduce a backdoor into the source code of one of the company’s products.

Three months after conducting the exercises on the cyberrange, the company is launching an open program on the bug bounty platform with a $650,000 reward. The reward will be granted to a bug hunter (or a team of bug hunters) who, following the program rules, is able to place a build containing malicious code on the gus.ptsecurity.com internal update server or the update.ptsecurity.com public servers. This participant must also prove that the build can be downloaded, by providing a screenshot with the necessary permissions. Researchers are prohibited from using a modified build. In addition, Positive Technologies’ internal security mechanisms prevent any malicious update from spreading to products used by the company’s customers.

White hat hackers who manage to come close to causing a non-tolerable event (those who get within several steps of being able to do it) will also receive a reward. Participants can get $3,300–5,500 for penetrating the network perimeter and getting a foothold on a host, while injecting code into a public product release at the storage or test stage will be worth $33,000–55,000.

To ensure result-driven cybersecurity, Positive Technologies uses its own products, with the latest features. The MaxPatrol SIEM security information and event management system collects logs from all corporate assets, PT Sandbox inspects email attachments and files from traffic, and PT Application Firewall protects web resources. In addition to the Positive Technologies SOC, MaxPatrol O2, an autopilot product anchored on result-driven cybersecurity, operates in test mode.
