VK is allocating a separate project of its Bug Bounty vulnerability search program for VK Video services. The maximum reward for security researchers will be 2.4 million rubles for identifying a critical vulnerability.

The new project will become available on all three platforms where the VK Bug Bounty program is hosted - Standoff Bug Bounty, BI.ZONE Bug Bounty and BugBounty.ru. The scope of search for researchers involves VK Video services, including apps on iOS and Android devices as well as TVs.

The launch of a separate Bug Bounty program for VK Video is driven by the growing popularity of the service. In the third quarter of 2024, the average daily number of views of VK Video increased by 48.5% to 2.6 billion. The cumulative time viewers spent watching on VK Video increased by 265% compared to the same period in 2023. Viewers of the Smart TV app had the longest viewing time - an average of 205 minutes per day. According to researchers VTsIOM, 59% of Runet users actively used VK Video on a daily basis. Most often, Russians logged into the VK Video app to watch videos from their smartphones^[1].

The new project will also be covered by the Bounty Pass mechanic: the more security vulnerabilities a researcher finds, the bigger the payout he gets with a cumulative bonus. This is a unique VK program aimed at increasing rewards for independent researchers which steps away from paying out fixed amounts. It is based on the Battle Pass concept of the gaming industry. Bughunters' personal achievements allow them to increase report payouts, receive unique gifts and participate in special VK events.

“VK has been developing a community of bughunters since 2014, which helps us to further test the security of our products, strengthening their protection, reliability and smooth operation. This is especially relevant for VK Video as the number of views, authors and traffic grows,” said Peter Uvarov, head of VK Bug Bounty.

VK is one of the first companies in Russia to start paying third-party security researchers for identified vulnerabilities. Over the 10 years since VK Bug Bounty was launched, the company has processed over 18,000 reports from bug hunters and paid out over 236 million rubles.

You can read more about VK Bug Bounty here, and the program itself is already available on all platforms: Standoff365, BI.ZONE Bug Bounty and Bugbounty.ru.

^[1] Source: VTsIOM survey, September 20 to 24, 2024; 2,000 Russian citizens, 14+ .