Ten years of Bug Bounty

We held an anniversary event from September 20 to October 19. For every vulnerability participants discovered in the company’s services and infrastructure, they earned a 10x reward.

Some statistics:

• Participants submitted 440 bug reports, which covered 150 unique vulnerabilities.
• We paid out a total of 31 million rubles to the winners.
• The most popular categories were XSS and IDOR.
• SQL injections had the fewest bugs (only two).

The best hunters have their names on display in the Hall of Fame.