YesWeHack raises €4 million and plans to disrupt Europe’s cybersecurity market

YesWeHack, Europe’s leading Bug Bounty platform, announced today it has raised €4 million from Open CNP, the corporate venture program of CNP Assurances, and Normandie Participations. This deal aims to assert the company’s presence in France and accelerate its international development, notably in Europe and Asia.

Founded in 2013, YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 7,000 cybersecurity experts (ethical hackers) across 120 countries with organizations to secure their exposed scopes and report vulnerabilities in their websites, mobile apps, infrastructure and connected devices.

 “YesWeHack mobilises collective intelligence to plug the widening gap in cybersecurity skills – one of the big challenges of the next few decades” 
 
Guillaume Vassault-Houlière, CEO of YesWeHack
 

With this fund-raising, YesWeHack intends to play a key role in the development of an agile approach to security, as a way to accelerate digital transformation. Bug Bounty fits into the DevSecOps trend (development-security-operations), which embeds security into projects more proactively, from their inception.

YesWeHack also strengthens its strategic capabilities with Laurent Seror, chairman of Outscale, Eric Leandri, Chairman and CEO of Qwant, Charles Beigbeder and Jonathan Denais of Open CNP joining the board. 

With this new investment, Open CNP, the corporate venture program of CNP Assurances, adds its 7th project to its partnerships with innovative start-ups. Open CNP was set up in 2016, tasked with channelling financial support to disruptive start-ups and working alongside them to develop advanced solutions in growth fields – fintech, assurtech, e-health and other technologies – with the long-term vision of better serving its customers. CNP Assurances has been using the YesWeHack platform since July 2018 to run its Bug Bounty program.

Normandie Participations is participating in the dynamism of the region alongside other local financing players. Applying its principle of co-investing with private actors, Normandie Participations, funded with 100% Norman capital, targets companies at the stages of start-up, innovation, development, creation, transmission or turnaround. The regional fund has made 38 investments totalling €30 million in a little over 2 years.

YesWeHack joins platform58, the start-up incubator of La Banque Postale

Building Trust at the core of digital transformation.

La Banque Postale puts its customers’ interests above all.

Through the creation of platform58, La Banque Postale asserts its willingness to strengthen its digital transformation for both its employees and customers.

Cybersecurity being a pillar of digital transformation, YesWeHack is looking forward to mobilizing its community in order to improve the banking industry’s global security.

The banking industry sees itself at a pivotal moment. The expectations of our customers but also of our employees, the rise of new disrupting techs and emerging players, require us to design a more open banking platform. With platform58, a strategic project for La Banque Postale, we embrace this change by creating a French FinTech & InsurTech ecosystem embodying our banking and civic values. We build together (start-ups, customers, partners, etc.) the bank and insurance of the future.

Remy Weber, Chairman of La Banque Postale’s Executive Board.

YesWeHack is delighted to be one of the first 7 start-ups to be hosted by platform58.

platform58 provides support and hosting for start-ups developing solutions in the fields of banking, insurance, technology, but also finance-related services, such as big data, health and education.

The platform58 incubator will offer selected start-ups (max. 10 per year) tailor-made support by experts and managers of La Banque Postale, with no equity investment and no time limit. Other actors, in particular CNP Assurances, 50 Partners, Visa, EY, TelecomParisTech, 1000Mercis, and Startway will contribute to the success of start-ups.

The 7 selected start-ups

YesWeHack provides its bug bounty platform and expertise to the French Armed Forces Ministry.

YesWeHack is delighted to support the French Cyber Defence Command (COMCYBER), in order to leverage its force of 3,400+ cyber-combatants.

YesWeHack, a French start-up and bug bounty leader in Europe, equips COMCYBER with an innovative concept and tool to boost cooperation with all the Ministry’s cyber entities.

This bold initiative is part of the Ministry opening up towards the civil society and private actors.

Florence Parly, the French Armed Forces Minister, announced on the 22nd of January:

A partnership has been established between COMCYBER and a start-up, YesWeHack. So, yes, I do announce: we will launch the first bug bounty of the French Armed Forces Ministry at the end of February 2019. Ethical hackers, recruited within the cyber operational reserve, will be able to search for vulnerabilities in our systems and, if successful, be rewarded, as they should be.

Florence Parly, the French Armed Forces Minister

With the signing of this partnership, the Armed Forces Ministry becomes the first French Ministry to launch a bug bounty program. COMCYBER will leverage the YesWeHack bug bounty platform to meet the growing challenge posed by new cyber threats.

With the YesWeHack bug bounty platform, COMCYBER will be able to best use its trusted community of reservists, in order to improve global security of the ministry’s entities.

Guillaume Vassault-Houlière, YESWEHACK CEO

This bug bounty program opens new perspectives for the management of the operational cyber reserve. Ultimately, such an initiative will make it possible to train reservists and increase their skills to significantly and durably improve the Ministry’s level of security.

YesWeHack makes its bug bounty platform available to the French Armed Forces Ministry.

YesWeHack is delighted to bring its expertise to the Cyber Defence Command (COMCYBER), which counts more than 3,400 cyber-combatants in its ranks.

YesWeHack, a French start-up and bug bounty leader in Europe, offers COMCYBER an innovative concept and tool that develops cooperation with all of the Ministry’s cyber entities. This discipline also allows the Ministry to open up to the civilian world, with all private actors.

A partnership has been established between COMCYBER and a start-up, YesWeHack. So, yes, I am announcing it: at the end of February we will launch the first bug bounty of the Armed Forces Ministry. Ethical hackers, recruited within the cyber operational reserve, will be able to search for flaws in our systems and, if they find any, be rewarded as they should be.

Florence Parly, Armed Forces Minister.

With the signing of this partnership, the Armed Forces Ministry becomes the first ministry to adopt a bug bounty exercise. COMCYBER will benefit from the YesWeHack bug bounty platform as part of a resolutely modern vision of cybersecurity, in which collaboration and coordination are essential to keep its perimeters effective in the face of new threats amplified by digital transformation.

It seemed essential to us to offer COMCYBER the YesWeHack bug bounty platform, to enable it to improve its operational security thanks to its trusted community, made up of reservists.

Guillaume Vassault-Houlière, YESWEHACK CEO

Bug bounty opens new perspectives for running the cyber operational reserve. In time, the recurrence of this type of exercise will make it possible to train reservists and raise their skills, significantly and durably increasing the Ministry’s level of security.
This innovative model can easily be activated across the whole digital exposure of the Armed Forces Ministry.

***

>> Becoming a cyber defence reservist

The cyber defence reserve recruits IT specialists throughout the year, as operational or citizen reservists. The reserve is looking for a range of profiles (coordinators, experts, analysts, technicians) at various levels, from first-year computer science students to BAC+5.

Operational reservists sign a commitment to serve in the operational reserve, a paid contract lasting 1 to 5 years, renewable. These volunteers choose to serve their country without making the profession of arms their sole occupation.

Citizen reservists are volunteer collaborators of the public service. They choose to serve their country by giving defence the benefit of their expertise and skills. As volunteers, they devote to this mission the time they wish and are able to give.

General conditions for becoming a reservist

- Be a French national and reside in France
- Be over 17 years old
- Be studying computer science
- Be in good standing with respect to national service obligations
- Have no criminal record

For more information or to apply (CV + cover letter): crpoc.cer.fct@intradef.gouv.fr

Source: https://www.defense.gouv.fr/portail/enjeux2/la-cyberdefense/la-cyberdefense/presentation

YesWeHack sponsors CESIN: helping to strengthen cooperation between experts and decision-makers.

The YesWeHack team is proud to announce that it is officially becoming a sponsor of CESIN, an association dear to it.

Together, YesWeHack and CESIN will help strengthen cooperation between all digital stakeholders.

The YesWeHack community, more than 6,500 researchers strong, is now represented within CESIN.

A winning combo: digital transformation and cybersecurity

YesWeHack sees this partnership with CESIN as a long-term one, in order to share its vision of the cybersecurity of the future, adapted to the transformations the association’s members are going through.

“Having contributed within CESIN since 2016 as CISO at Qwant, it is a source of pride to become a sponsor today with YesWeHack. We will continue to take part in the exchanges at the heart of CESIN, because cybersecurity is the essential prerequisite for carrying out any digital transformation effectively with decision-makers.”

Guillaume Vassault-Houlière, CEO of YesWeHack.

With more than 500 members, CESIN’s activities are enjoying growing success among cybersecurity experts, and YesWeHack is very enthusiastic about taking part in this promising momentum.

This year CESIN decided to diversify its sponsorship by welcoming a few innovative start-ups.

The objective is to offer even more visibility to companies we strongly believe in, such as YesWeHack, because through their innovation and boldness they bring a complementary answer to the cybersecurity challenges faced by the CISOs who are members of the club.

Alain Bouillé, President of CESIN.

YesWeHack and CESIN look forward to seeing you in 2019 for a constructive year of meetings and concrete projects.

Open Source software audits via Bug Bounties for the EU institutions: digital.security and YesWeHack awarded.

digital.security and YesWeHack are glad to be among the 3 winners of the tender for Free and Open Source Software Audit (FOSSA OSS-BB). FOSSA OSS-BB’s main goal is to help improve the overall security of the Internet by focusing on free and open source tools used by citizens and public entities of the European Union.

DevSecOps: dredging DevOps in Security for better performance and less stress.

Digital transformation requires security at the core of DevOps culture and processes.

Under pressure from business lines, DevOps teams need concision, speed and security to ensure continuous integration and delivery. Unfortunately, security is too often considered a constraint on agility, and it has to be demystified for better and faster adoption by DevOps teams.

Given the recent stories about data breaches that blackened famous corporations like Facebook and Equifax, the time has come to empower your DevOps Team with security.

We will try to cover the organizational and cultural challenges in order to set up effective DevSecOps and how, as a manager, you can develop security awareness and skills in your agile teams. 

Last but not least, we will try to point out how Crowd Sourced Security is a key enabler of the success of your DevSecOps strategy.

Source https://tech.gsa.gov

What is at stake?


FIC 2019: YesWeHack’s community, NGOs & CivicTech unite through a unique Bug Bounty Campaign.

For this edition of FIC 2019, YesWeHack is organizing, for the first time in the history of FIC, a special event dedicated to Bug Bounty.

The International Cybersecurity Forum (FIC), the European reference event bringing together all stakeholders in digital trust, will take place on 22 and 23 January.

This unprecedented bug bounty campaign will take place in an original space reserved for dozens of security researchers so that they can operate over several scopes, and where applicable, earn rewards according to the criticality of the reported vulnerabilities.

For this premiere, the scopes are submitted by NGOs and CivicTech projects wishing to harden their systems and thus better protect their information assets and their reputation.

YesWeHack has chosen this year to help NGOs and CivicTech as a priority, because many European citizens use tools developed by this sector to contribute to the common good, democracy, and associative and charitable projects.

“For all actors, customers, developers and researchers, this Bug Bounty campaign within the 2019 FIC is a great and useful opportunity to exchange and confront the reality of threats in order to significantly increase the level of security and privacy by design”

Guillaume Vassault-Houlière – CEO @YESWEHACK

The Bug Bounty area will welcome bug hunters who will cooperate with “program managers” from the selected projects, with the support of Romain Lecoeuvre, the CTO of the YesWeHack team.

The rewards will be of two types: a total prize pool of several thousand euros is planned to reward the best researchers, and collector goodies will delight some players.


New YesWeHack Bug Bounty platform: For a better program management

Thanks to the impressive work of our team, our Bug Bounty platform has been unveiled with new features for program managers.

So we would like to share with you the new features below 🙂

New program structure
We have reviewed the structure of the programs by adding several fields.

- A « Scope » field to define its types and perimeters (links, webapp, iOS Apple Store, Android)
- An « Out of scope » field if applicable
- « Qualifying Vulnerabilities » for a reward
- « Non-Qualifying Vulnerabilities » for a reward
- And a mandatory compensation grid based on criticality (Low / Medium / High / Critical)

Please update your Bug Bounty program by filling the new fields to better manage your perimeter.

New report workflow
We have reviewed the workflow for qualifying bug reports.
It is said that a picture speaks a thousand words so please take a look below:

[Optional] Free VPN
We offer all our customers a free VPN, which will allow you to provide hunters with a dedicated connection to meet your program’s legal framework, but also to open dedicated environments (IP filtered).

Profile page
Each hunter now has a profile page through which all his activity within the platform is highlighted including his ranking.
This allows YesWeHack’s client companies to select the hunters and to invite them into their programs based on their impact score or activities.

Two-factor authentication (TOTP)
We have integrated two-factor authentication to increase the security level of your YesWeHack account.

New report structure
The details of the bug reports have also been reviewed, providing more clarity to the program manager. The ergonomics of the tools used for qualifying reports have also been redesigned to offer you greater efficiency. These new program and report structures, combined with the provision of a public API, allow you to make the most of vulnerability reports (DevSecOps).

New dashboard
The new dashboard offers you all the statistics related to the reported bugs (severity, status, classification, etc.) as well as the amount of rewards paid.

API
We provide an API so that you can develop or connect your own tools.

Members at all levels
We have improved granularity in member management. You can invite members to your business unit, but also to your programs and reports. The number of members is unlimited.

We hope that you will enjoy this new version as much as we do. Please be aware that we are still ready to listen to your feedback, questions and/or comments.

***


YesWeHack Version 2: And improvements for all Hunters!

Dear hunters,

Over the last months, we’ve been hard at work developing our new bug bounty platform. While engaging with you, we’ve made big changes to some parts of our services that needed improvement, or even a redesign.

Today, we would like to share some of these changes with you, and cover the benefits of the update.

We have a brand new logo!
Our branding is evolving with a new logo and design. We think it provides a better look, and we hope you will like it.


We’ve been listening to your feedback about the previous platform experience, and thanks to you we were able to develop a brand new user experience.

Profile page
Each hunter now has a profile page through which all his activity within the platform is highlighted including his ranking.
This allows YesWeHack’s client companies to select the hunters and to invite them into their programs based on their impact score or activities.


Two-factor authentication (TOTP)
We have integrated two-factor authentication to increase the security level of your YesWeHack account.


New programs display
The display of a program’s details has been completely redesigned to provide a better user experience.
In addition to the traditional information related to a Bug Bounty program, we have improved, in a very visual way, the display of the current activity on the program (number of reports, thanks, etc.) and of the reward bracket that the security expert can expect.

New billing process
We have completely reviewed the billing process. This will allow you to comply with the requirements of the tax authorities.


Program versioning
It is not always easy for the hunter to follow the evolution of a bug bounty program over time. That’s why we implemented a versioning feature on the program display.


***

We hope that you will enjoy this new version as much as we do.

We wish you happy hunting!

Please be aware that we are still ready to listen to your feedback, questions and/or comments.

***

Stay tuned!
Soon, we will post about the new features improving our clients’ experience.
