The BugBounty private vulnerability platform for information security has been launched in pilot mode by the Ministry of Digital Development, Innovation and Aerospace Industry of Kazakhstan together with the Center for Analysis and Investigation of Cyber Attacks, Trend reports referring to the draft concept for the development of Cyberschield-2 digital ecosystem for 2022-2027 on the Legal Acts website of Kazakhstan.
"More than 1,110 independent cybersecurity experts have been registered on the BugBounty platform from whom more than 1,200 vulnerability reports have been received. Some of the reports are at critical level. In particular, access to the management of the water supply system of the of Nur-Sultan city, vulnerabilities of the electronic government, possible leakage of 7 million medical data, as well as banking data of citizens in several large banks of the country. According to some reports, payments in the amount of 15 million tenge ($31,764) have been made," the concept states.
The platform hosts such systems as electronic government, large second-tier banks and other. In addition, the Kazakh company has concluded a memorandum with the national banks of Kyrgyzstan and Uzbekistan on the introduction of BugBounty.
In order to legally consolidate the status of the BugBounty platform, amendments to the legislation of Kazakhstan have been prepared within the framework of which the obligation of the operational information security center, operational information security center on acquisition of BugBounty services or the creation of their own is provided.
Public discussions on the draft concept will last until September 5, 2022.