Russia's Ministry of Digital Development plans to introduce the concept of bug bounty into legislation in order to legalize payments to white hat hackers, Vedomosti reports, citing a source in the market for the development of cybersecurity tools.
White hat, or ethical, hackers are specialists who, on a contractual basis, help companies test information systems and eliminate vulnerabilities. The term bug bounty refers to bounty programs for such hackers. At present, these programs are not defined in any way in Russian legislation. There is only a “regulation on competitions”, which describes the conditions for remuneration.
As long as the concept of bug bounty is not defined in Russian legislation, such work can be interpreted as “illegal access to computer information” (Article 272 of the Criminal Code of the Russian Federation). Security business consultant Alexei Lukatsky told Vedomosti a similar story:
“It is enough to recall the story of the administrator of one of the telecom operators in Obninsk, who decided to help clients and scanned their network for vulnerabilities, for which he was taken by the FSB and is now being tried under Art. 274.1 for unlawful influence on the critical information infrastructure (KII) of the Russian Federation. <…> On the one hand, the researchers act within the framework of the agreement and they have no malicious intent, but on the other hand, the agreement does not describe everything and their actions can cause damage, which can lead to consequences.”