This regulation on contests held on the bugbounty.standoff365.com platform (hereinafter referred to as the "Regulation") governs the procedure of arranging and conducting of such contests.
Client |
A legal entity having issued an assignment to arrange the vulnerability search contest |
Contest |
The contest for searching vulnerabilities in the client's web services and applications as well as ways to initiate unauthorized events, hosted on the organizer's platform |
Contest committee |
A group of persons comprising the client's representatives (at least two) and one representative of the organizer, approved for performing the assessment of the contest participants |
Organizer |
JSC Positivniye Tekhnologii |
Report |
A document submitted electronically by a participant to the organizer (the participant is to complete a form in their account on the platform) which shall contain the description of the completed contest assignment |
Winner |
A participant recognized as the contest winner by the contest committee |
Platform |
A website at bugbounty.standoff365.com |
Participant |
A legally capable individual aged eighteen or above being a tax resident of the Russian Federation in accordance with the effective laws of the Russian Federation and acting on their own behalf. The following persons cannot participate: persons involved in the contest arrangement and holding, members of their families, authors of the code to be analyzed by the participants as part of the contest |
Vulnerability |
A technical flaw in the client's web services and applications which can be used to disrupt their normal operation, integrity, availability, confidentiality, and/or trigger a non-tolerable event as a result of cybercriminal activity, making it impossible to achieve operational and strategic goals or leading to the long-term disruption of core operations |
The award is paid to the winner by remitting funds by the organizer using bank details specified by the winner on the platform. The award amount may only be remitted to the accounts opened with Russian banks and after PIT (personal income tax) withholding. If no notification is received from the participant on the non-receipt of payment within thirty (30) calendar days following the payment completion by the organizer, the latter is considered to have fulfilled its award payment obligations in full.
In order to receive the award, the winner shall specify the following details in their account on the platform:
The organizer retains the right to request a scanned copy of the passport from the winner, including the scanned copies of the pages with passport stamps confirming crossing the Russian borders.
If the organizer is unable to establish the winner's country of tax residence due to the insufficiency of the information provided by the winner, the organizer may reduce the award amount granted to the winner by PIT in the amount of 30 percent.
Should the winner provide unreliable information on the country of their tax residence, the organizer may block their account.