Leveraging Ethical Hacking in Russia

Exploring the Design and Potential of Bug Bounty Programs

Authors

  • Evgeniia Rudenko (KU Leuven, WWU Münster, Tallinn University of Technology)
  • Anastasia Gnatenko (Diplomatic Academy of Vienna)
  • Andrew Milich (Stanford University)
  • Kathryn Hedgecock (Stanford University)
  • Zhanna Malekos Smith (King's College London)

Abstract

Our increasingly internet-connected world has yielded exponential demand for cybersecurity. However, protecting cyber infrastructure is technically complex, constantly changing, and expensive. Small organizations or corporations with legacy systems may struggle to implement best practices. To increase cybersecurity for organizations in Russia, we propose fostering a culture of ethical hacking by supporting bug bounty programs. To date, bug bounties have not had the same level of success or investment in Russia as in the United States; yet, we argue that bug bounty programs, when properly established, institutionalize a culture of ethical hacking by establishing trust between talented hackers and host organizations. This paper will first define ethical hacking and bug bounty programs. It will explore the current bug bounty landscape in Russia and the United States. Based on issues identified, we will proceed to offer a set of best practices for establishing a successful bug bounty program. Finally, we will discuss some considerations for setting up bug bounty programs in Russia.

Published

2020-06-26