Russia is mulling a bug bounty program to find and eliminate bugs in government-approved software.
Local media report deputy Communications Minister Aleksei Sokolov is discussing a possible bug bounty with the Russian tech sector.
The implications of such a bounty are being considered including staffing requirements for bug triage and validation, and the need to find a way to force developers to develop and apply patches for affected software.
Sokolov has not set the bounty in stone and is only considering what would be one of the first government-run bug bounties and the first to apply to government-approved software.
If approved, it would go some way to help improve the security postures of government agencies who are required to select software from government approval lists.
|Feature: The bug bounty boom.|
Local security bods told broadsheet Izvestia (Russian) software in that country is characterised by poor code quality, with the exception of the banking sector that has in recent years hardened its security.
It follows the development of a Russian mobile operating system which would rival Android.
Open Mobile Platform is pitching the Linux-based system as a secure alternative to Android for enterprises and privacy types.
The US operates a government bug bounty through the Hack the Pentagon initiative. Some 100 bugs have been shuttered since the limited-scope program launched in March. ®
Thanks to @agelastic for help with translation.