Ukraine launches bug bounty program to find vulnerabilities in Diia App
The Ministry of Digital Transformation is offering a hefty reward of UAH 1 million (nearly US$37,000) for finding the weak spots in the Diia platform for government services and e-documents.
That's according to the ministry's press service.
"The Diia is the safest Ukrainian government's IT product. The application stores no personal data, only displaying information that has already been filed on you across various registers," the statement reads.
Later today, Deputy Prime Minister, Minister of Digital Transformation Mykhailo Fedorov is expected to hold a briefing on the bug bounty launch.
"Participants will search for vulnerabilities (bugs) in the application and ultimately receive a reward for each such bug found. The priority of this stage is testing the Diia.Signature. The prize fund is UAH 1 million," says the statement.
The officials note that anyone is welcome to take part in the effort, regardless of experience and qualifications.
The bug bounty is being implemented with the support of the Bugcrowd international platform and USAID's Cybersecurity of Critical Infrastructure of Ukraine program.
As Ukrinform reported earlier, on December 8, 2020, the Ministry of Digital Transformation launched the initial bug bounty crowdsourcing initiative vowing to reward individuals for discovering and reporting bugs in the Diia application.
A test version of the application was created, which displayed no personal user data. The effort has reportedly found no critical vulnerabilities that would affect safety of the application.
Background
One in four Ukrainians, that is, 10 million people, use the Diia products, according to the Ministry of Digital Transformation of Ukraine, as Ukrinform reported earlier.
The Diia brand and concept (both the online portal and the application) were initially presented in Kyiv on September 27, 2019. Thirty-three online services and a number of e-documents were available in the first version of the app.
In October 2020, the Ministry of Digital Transformation presented an updated application Diia 2.0, launching a number of new administrative services on the Diia portal.
On May 17, 2021, new services were presented within the Diia, individual entrepreneurship registration, taxation, registration of property rights, online registration of residence address, and others were launched.