
Interview of Gilles Cadignan – CEO & Co-Founder of Woleet

First of all, can you introduce us to Woleet?

Woleet.io was founded in Rennes in 2016. Woleet is a data anchoring platform using the Bitcoin blockchain. To sum up, we provide a SaaS platform that receives digital fingerprints of data and proceeds to anchor them in Bitcoin by linking these fingerprints to a transaction having a certain date. To achieve this, Woleet builds a cryptographic structure that allows multiple fingerprints to be put together in a single transaction.

The use of Woleet has many benefits:

– Once data is anchored in the blockchain, verification of the dated proof of existence is free for anyone with the data, the anchor receipt and Internet access to retrieve the relevant Bitcoin transaction.
– Confidentiality is preserved: Woleet only deals with digital fingerprints, which can be improved with metadata for information purposes.
– No need to have bitcoins to use our service, as Woleet takes care of interacting with the blockchain by building transactions.

OK, but why does the partnership between Woleet and YesWeHack make sense?

Well, Yes We Hack is actually a nice team: they like to chat and laugh around a beer 😉

More seriously, the Woleet and YesWeHack partnership came quite logically following a meeting held in Rennes in December 2016 within the framework of the EuroCyberWeek.

The technology and the start-up spirit offered by Woleet fit perfectly with YesWeHack’s know-how. You know, the concept of blockchain is too often used as a buzzword. Too often, so-called experts talk about it but very few know what it really is. Concretely, the synergy between Woleet, YesWeHack and its partner Digital Security took place in record time (less than 3 weeks). That synergy made it possible to integrate all the skills very effectively to the benefit of the project Zerodisclo.com.

Thanks to the meeting of Woleet and YesWeHack, the blockchain finally finds a relevant and concrete use-case to better secure the Internet.

Woleet is very proud to have contributed, in its own measure, to this useful initiative for the public interest. Obviously, it is a smart and good way for Woleet to promote our skills and vision.

So from your point of view: why is zerodisclo.com a good use case?

Yes We Hack wanted its Zerodisclo.com service to have irrefutable proof of integrity and time-stamping for vulnerability reports transmitted via Zerodisclo.com: an open proof, verifiable by all without intermediary. The choice of anchoring the integrity and time-stamp data for these vulnerability reports was self-evident. By anchoring them in the blockchain, the service offered full transparency without revealing any information about the source or the content of the discovered vulnerability. The anchoring of data in the blockchain coupled with the electronic signature thus ensures an increased degree in terms of irrefutable traceability for each party, both for the security researcher and for the company concerned by the vulnerability.

Zerodisclo.com was launched during the FIC2017 and it showed very genuinely that an idea can become operational and efficient when all the stakeholders involved contribute with a common interest. This notable exercise reveals the quality of startups in France and furthermore in Europe.

Zerodisclo is therefore an ambitious project aimed at strengthening information systems by facilitating the reporting of vulnerabilities by some good Samaritans. Innovation is at this stage rather unique, Zerodisclo.com is a non-profit tool to better protect bug reporters by putting in the loop the official CERTs that will have the responsibility to warn the organizations concerned.

By the way, next March 29 in Paris for Hackpero.com at Ecole 42, I will take the floor with Guillaume from YesWeHack to present the synergy we made within the project: ZeroDisclo.com!

Can you tell us more about the evolutions of Woleet?

After a year of various experiments with several customers, Woleet is entering a phase of production of the various projects. By focusing solely on mature low-level uses, we differentiate ourselves from the only experimental approach of the majority of current blockchain projects. Beyond the implementation of the projects based on the Woleet platform, we owe many projects such as the standardization work on proofs, carried out jointly with several other international startups with authorities such as the W3C. At R&D level, we are working on the next primitives that we intend to provide as an alternative to the digital signature based on the Bitcoin protocol, we also provide tools for the management of digital assets, always on Bitcoin. To lead all these projects, we will have to make our team grow and welcome passionate people who want to participate in – what we think is – a revolution at least as big as the Internet revolution.

ZeroDisclo.com : IT Security Researchers finally Protected

In constant contact with its community of security researchers, YesWeHack has noted that it is complex for a security researcher, and therefore for a whistle-blower, to report security flaws in a coordinated way to impacted organizations, especially if those organizations do not have a Bug Bounty program registered on BountyFactory.io!

Vulnerability discoverers often have difficulty working out how to report their findings to the organizations concerned without disclosing them to a third party, and unfortunately direct contact with companies constitutes a legal risk.

A long-time partner of the security research community through its founders, YesWeHack launches ZeroDisclo.com.

This platform provides the technical means and the required environment for all to adopt the coordinated reporting of vulnerabilities, commonly known as “Coordinated Vulnerability Disclosure”.

The platform, which can be accessed directly or via the Tor network, offers any Internet user the opportunity to report a vulnerability to CERTs™ via an on-line form, providing the necessary information to understand and evaluate its severity through its CVSS score. The researcher can then choose to remain anonymous or provide his/her identity if he/she wishes to be contacted, or even thanked in return.

The report will be encrypted in the browser itself via OpenPGP with the key of the CERT™, then time-stamped, signed by the Blockchain and forwarded automatically to the CERTs™ chosen from an exhaustive list.

In exchange, the researcher receives a certificate attesting to his/her submission.
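The anchoring described in the interview above (several fingerprints combined into one transaction, then verifiable by anyone holding the data and the receipt) is illustrated below. This is an added example, not Woleet's or ZeroDisclo's code: it assumes the "cryptographic structure" is a SHA-256 Merkle tree, and `build_receipts`, `verify` and the sample reports are hypothetical names and constructed data.

```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_receipts(fingerprints):
    """Combine fingerprints into one Merkle root (the value a single
    transaction would carry) and return (root, one proof per fingerprint).
    A proof is a list of (sibling_side, sibling_hash) from leaf to root."""
    if not fingerprints:
        raise ValueError("nothing to anchor")
    level = list(fingerprints)
    proofs = [[] for _ in fingerprints]
    positions = list(range(len(fingerprints)))  # index of each leaf's ancestor
    while len(level) > 1:
        for i, pos in enumerate(positions):
            sib = pos ^ 1
            if sib < len(level):  # an unpaired last node has no sibling here
                proofs[i].append(("left" if sib < pos else "right", level[sib]))
            positions[i] = pos // 2
        # Pair nodes; an unpaired last node is promoted unchanged (assumption).
        level = [sha256(level[j] + level[j + 1]) if j + 1 < len(level) else level[j]
                 for j in range(0, len(level), 2)]
    return level[0], proofs

def verify(data: bytes, proof, anchored_root: bytes) -> bool:
    """Recompute the path from the data's fingerprint to the anchored root.
    Only the data and its receipt are needed; no other report is revealed."""
    node = sha256(data)
    for side, sibling in proof:
        node = sha256(sibling + node) if side == "left" else sha256(node + sibling)
    return node == anchored_root

# Constructed sample data: stand-ins for OpenPGP-encrypted reports.
REPORTS = [b"ciphertext of report A", b"ciphertext of report B",
           b"ciphertext of report C"]
ROOT, PROOFS = build_receipts([sha256(r) for r in REPORTS])

if __name__ == "__main__":
    for report, proof in zip(REPORTS, PROOFS):
        print(report, verify(report, proof, ROOT))
    print("tampered:", verify(b"ciphertext of report A (edited)", PROOFS[0], ROOT))
```

In the scheme the interview describes, `ROOT` is the value linked to the dated Bitcoin transaction, so a verifier compares the recomputed root against what they retrieve from that transaction rather than against anything the platform asserts.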

Currently, the CERTs™ selected by ZeroDisclo.com are the CERT-EU, CERT-FR, and the CERT-UBIK created by Digital Security and dedicated to the Internet of Things. Moreover, organizations can subscribe to ZeroDisclo.com in order to monitor in real time the flaws concerning their systems and, if necessary, to contact the relevant CERTs™ in order to know the details.

ZeroDisclo.com aims at empowering the community, for security researchers to prove their good faith. ZeroDisclo.com offers an efficient and ethical alternative to services disclosing vulnerabilities on the Internet and on the black market.

Founded in 2013, YesWeHack connects organizations or projects with IT security needs with skilled people.

Four interdependent platforms are available:

– YesWeHack Jobboard: the first job site specializing in computer security.
– Bounty Factory: Bug Bounties’ first European platform.
– FireBounty: Bug Bounties aggregator.
– ZeroDisclo: Vulnerability Reporting Platform.

Press contact: presse@yeswehack.com


YES WE HACK © 2017