In 2023, the company doubled its payments compared to 2022, allocating 70 million rubles for the vulnerabilities found.
The increase in prizes is associated with an increase in the number of competitions and program participants. The main source of income for white hat hackers has become competitions, which allow them not only to increase rewards for vulnerabilities but also to focus on priority areas of security.
The largest awards (12 million, 7.5 million and 3.7 million rubles) were awarded to critical vulnerabilities. The record holder was a hacker who sent 41 reports and received 17 million rubles for it.
The most popular reports were those regarding XSS vulnerabilities. Yandex even organized a separate contest to find them. These types of vulnerabilities are often used by attackers to bypass website security and insert malicious code.
Yandex plans to increase the payment fund to 100 million rubles in 2024.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
