Yandex has raised the stakes in its “Bug Hunt” program, doubling the maximum reward for ethical hackers. Participants can now earn up to 3 million rubles for uncovering critical vulnerabilities in Yandex services.
The largest payouts apply to Remote Code Execution (RCE) vulnerabilities found in Yandex Mail and Yandex ID. These types of issues allow remote attackers to run arbitrary code, posing significant security risks.
For Yandex Cloud, the top reward of 3 million rubles is reserved for vulnerabilities related to cloud infrastructure. This includes serious threats like Virtual Machine escape, which targets the core of cloud-based virtualization systems.
The company has also increased rewards for other types of bugs across its platforms. The specific amounts depend on the severity and impact of the issue.
Yandex says the goal of raising rewards is to attract skilled independent security researchers. By doing so, the company aims to further test and confirm the strength of its systems against cyber threats.
The Bug Hunt program covers a variety of Yandex services. Details on eligible systems and corresponding rewards can be found on the official program website.
This update follows Yandex 360’s recent certification under the ISO/IEC 27001:2022 standard. That certification confirms the company’s security management meets recognized international benchmarks.
Yandex’s move to boost its bug bounty reflects a growing trend in the tech industry to rely on ethical hackers to find security flaws before attackers do.