The HackYourMom team advocates for life to achieve important, in our opinion, sovereign initiative, de security.txt as the national standard for Bug Bounty programs on the territory of all Ukraine. In a moment, we will explain to you why the sense of this initiative is used, but at the same time we will be familiar with the main terms, in which it is necessary to develop for the shortest understanding of our proposition.
Security.txt is a popular web site security standard, which is intended for private investigators (hackers, security engineers) to easily report the security concerns of these sites to their resource owners. Today, security.txt files have been adopted by tech giants like Google, GitHub, LinkedIn and Facebook.
Bug Bounty program is a process in which the company obtains third-party cybersecurity facsimiles (hackers, security engineers) to test its software security on the botch for instant winegrowing. For skin strife (Bug), the hacker will take the wine city (Bounty). The company publicly denounces the scope (like the English “Scope” – “obsyag”) robit, vinogoriy for strife, and whether it is bad, you can register and take part in the Bug Bounty program.
Now, if you are familiar with the basic terminology, let’s move on to the most important and detailed look at our sovereign initiative.
As we have already said more, we promote security.txt as the national standard for Bug Bounty programs on the territory of all Ukraine. It is sensible that the placement of this file in the root of all state-owned sites will allow our private successors (hackers, security engineers) to gain information about the influx of Ukrainian state-owned resources without the need for additional resources on the platform. We note that this decision is the best for the country for a number of reasons:
1) This decision allows you to avoid corruption risks, which can be blamed in the course of a third party investigation, private companies or Bug Bounty platforms, which serve as services in the sphere of information security. Lobіyuvannya _interesіv podіbnіh kompanіy often zdіysnyuєtsya z method pereshlіduvannya sobistії ї іnansovoї ї vegodi, and sam_ kompanії not zavzhdna nadatno okіsnі services in order to show critically important inconsistencies in the sovereign sites.
2) Placing security.txt at the root of all government sites eliminates any mediation between the customer (state) and the specialist (hacker), thereby improving the quality of services, as an open financial reward will attract a large number of interested high-quality specialists to solve the necessary tasks.
3) Availability of security.txt in the root of all state-owned sites, giving the opportunity to fakhivtsy to work with usma state-owned sites at once, which will speed up the process of fixing the critical quibbles of the states. sites in the country at dozens of times. Hundreds of fahіvtsіv today can shukati volubility on the same number of holdings. sites, at that hour, like a company, intermediaries can work out a maximum of 300,000 sites at once, spending more time on that hour and earning a larger amount of penny resources.
4) This decision is financially viable as for the state, so for the fahivtsiv, as for the work. Without the presence of a third party, the power of the mother can offer more money to the financial wine city for knowing the difference, and the fahivets, vykonuyuchi work, do not pay the money to the intermediaries. If you don’t care about those who earn more money, the total amount of money spent by the state will appear smaller in the result, lower when working with intermediaries.
5) The high drink, created by the power, stimulates the growth of the interest of the average citizens to the sphere of cyber security, which in its capacity has brought the growth of high-level fahivtsiv in Ukraine and the accelerated development of the IT industry in the country.
6) We want to give the chance to those who need help to improve the information security of the sovereign resources of Ukraine.
As you can see for yourself, based on the arguments presented above, the implementation of this state initiative fully meets the interests of our country and will cause significant and fairly rapid changes in the field of state cyber security, which is certainly a very important factor for the high-quality work of state structures and the preservation of private state information