Yes We Hack : Vulnerability Coordination through CrowdSourced Security
Every business needs a vulnerability disclosure policy. Thankfully, a growing number of organisations have one. Yet, those programs are not always a click away. Here’s to a unique plugin for both Chrome and Firefox, because making it easy to report issues need not be much work.
Under pressure from business lines, DevOps teams need concision, speed and security to ensure continuous integration and delivery. Security unfortunately is -too often- considered as an constraint to agility and it has to be demystified for a better and faster takeover by DevOps teams.
Given the recent stories about data breaches that blackened famous corporations like Facebook and Equifax, the time has come to empower your DevOps Team with security.
We will try to cover the organizational and cultural challenges in order to set up effective DevSecOps and how, as a manager, you can develop security awareness and skills in your agile teams.
Last but not least, we will try to point out how Crowd Sourced Security is a key enabler of your DevSecOps strategy to success.
What does a YesWehack partner do ?
Every organization is concerned by cybersecurity and most of them can see that traditional solutions (penetration testing & scanners) are not sufficient anymore. As a result, whatever the size or industry, they are increasingly numerous to opt for Bug Bounty.
By 2022, crowdsourced security testing platform products and services will be employed by over 50% of enterprises, up from less than 5% in 2018.
Gartner 2018 Market Guide on Crowdtesting
Indeed, Bug Bounty is the only solution that can pretend to exhaustiveness, responsiveness and continuity in the tests. More importantly, Bug Bounty meets organizations growing need for agility > https://www.yeswehack.com
For all that, any organization that wishes to set up/implement Bug Bounty programs is not ready to manage by itself yet; indeed the Bug Bounty process involves:
• The program‘s creation : determination of the scope, rules, researchers’ reward grid, etc.
• The program’s day-to-day management and interaction with the researchers
• Vulnerabilities and researchers’ test reports validation and management
Lacking time, resources, skills and process, some organizations can be intimidated by the implementation of a Bug Bounty Program in spite of unrivaled benefits they could get out of it.
This is where our partners step in.
Why Becoming of YesWeHack Partner?
Cross-site scripting (XSS) is one of the most common web application vulnerabilities and is still present in the OWASP Top 10-2017.
The goal of this paper is not to explain how to bypass antiXSS filter in browser or WAF protection, but to figure out what possibilities are offered by XSS vulnerabilities.
CISOs like Bug Bounty Managers need to pay attention to this kind of vulnerability which -at times- can be critical through the first steps of chaining.
By Guillaume Vassault-Houlière | CEO of YesWeHack
Through our European platform YesWeHack.com, Bug Bounty is gaining respectability in France and Europe.
Bug Bounty is an innovative and operational practice from the United States that rewards security experts who find security flaws in IT systems.
Within a complex geopolitical context, Europe and France can compete in defending a European model of digital sovereignty.
In the light of new threats and given reports of organizations that are victims of piracy and irreversible damage, some innovative cyber security policies and approaches need to be adopted.
Cybersecurity is a powerful ally for leading digital transformation.
YesWeHack.com – the first European Bug Bounty platform – was launched in early 2016.
Unlike some other platforms, YesWeHack.com presents some specific and legal features that are designed to strengthen its relevance, security and legitimacy.
Above all, Bountyfactory.io focuses on security and legal framework :
Our Servers are based in Europe. Therefore, No data exposure to the US services via FISA, Patriot Act, Freedom Act.
Have you ever watched The Lift ? A Dutch horror movie by director Dick Maas about an intelligent ( or smart ?) and murderous elevator starting a killing spree. (Source : wikipedia)
Scary, isn’t it ?
Beyond fiction, the film “The Lift” aimed at questioning technology, systems you can not regain control over.
Nowadays, we are told about the benefits of design thinking, internet of things and their tremendous power in terms of digital and economic development… Oh wait.
Unfortunately, the Internet of Things is driven by marketing ravenous hyenas and very few IoT companies are inspired by – what we could call – the Security Design Thinking.
Today, within the Internet of Things, Auto Industry has to struggle to prevent itself from being hacked both by criminals and by their inner blind appetite for market at the expense of their duty in the field of security.
Imagine the antithesis of the legendary film “Rebel without a cause” where the hero no longer rides a car as a symbol of freedom but he’s the prisoner of a runaway wagon.
The revelations concerning the recent fraud on the behalf of Volkswagen – by the way VW is not an isolated case – highlighted what is at stake in terms of security in the fabulous world of the Internet of Cars.
Before reaching the point of no return, Cars companies and end users should deeply consider the following thoughts :
This video below presents the genuine and trustworthy commitment of our YesWeHack Bug Bounty Platform.