At the Kyiv International Cyber Resilience Forum 2025, a Bug Bash was conducted to test the security of the DOT-Chain IT system, developed by DOT – the State Rear Operator of Ukraine.
The testing was organized by Cyber Unit Technologies in cooperation with the Institute for Cyber Warfare Research (ICWR) and supported by the National Cybersecurity Coordination Center under the NSDC of Ukraine and the Ministry of Foreign Affairs of Ukraine.
DOT-Chain is designed for digital management of food supply logistics for the Armed Forces of Ukraine, and its new module, DOT-Chain Defence, is set to become a platform for military drone operations.
Engaging ethical hackers to test system security is considered one of the most effective methods for identifying potential threats before they are exploited by malicious actors.
Over two days, twenty vetted cybersecurity specialists searched for vulnerabilities in a controlled testing environment under the supervision of the DOT IT team. Their rewards were based on the number and severity of the issues they discovered. At the conclusion of the event, the top three participants were recognized on the forum’s main stage:
Alona — ₴487,000
Whit3_L1ght — ₴56,000
Nigel — ₴56,000The organizers expressed their hope that such competitions will become a regular practice for all critical infrastructure operators and public institutions managing state registers.
Bug bounty programs are not new to Ukraine—some banks and the state enterprise Prozorro have already implemented or continue to conduct similar security testing initiatives. However, the Bug Bash format stands out due to its hackathon-style approach, in which a large number of ethical hackers simultaneously examine a system for vulnerabilities over a short period. This format allows for rapid identification of potential risks and testing the resilience of digital infrastructure under high-stress conditions.
Conducting such tests helps timely detect cyber threats, strengthen the protection of strategically important systems, and ensure their continuous operation amid growing cyber risks.
