Category: Press Release

ZeroDisclo.com: IT Security Researchers Finally Protected

In constant contact with its community of security researchers, YesWeHack has noted that it is difficult for a security researcher, and therefore for a whistle-blower, to report security flaws in a coordinated way to the affected organizations, especially when those organizations do not have a Bug Bounty program registered on BountyFactory.io.

People who discover vulnerabilities often struggle to report them to the organizations concerned without disclosing them to a third party, and unfortunately direct contact with companies carries a legal risk.

A long-time partner of the security research community through its founders, YesWeHack launches ZeroDisclo.com.

This platform provides the technical means and the required environment for everyone to adopt the coordinated reporting of vulnerabilities, commonly known as “Coordinated Vulnerability Disclosure”.

The platform, which can be accessed directly or via the Tor network, offers any Internet user the opportunity to report a vulnerability to CERTs™ via an online form, providing the information needed to understand the vulnerability and evaluate its severity through its CVSS score. The researcher can then choose to remain anonymous or provide his/her identity if he/she wishes to be contacted, or even thanked in return.

The report is encrypted in the browser itself via OpenPGP with the key of the CERT™, time-stamped, signed by the Blockchain and forwarded automatically to the CERTs™ chosen from an exhaustive list.

In exchange, the researcher receives a certificate attesting to his/her submission.

Currently, the CERTs™ selected by ZeroDisclo.com are CERT-EU, CERT-FR, and CERT-UBIK, which was created by Digital Security and is dedicated to the Internet of Things. Moreover, organizations can subscribe to ZeroDisclo.com in order to monitor, in real time, the flaws concerning their systems and, if necessary, to contact the relevant CERTs™ for the details.

ZeroDisclo.com aims to empower the community and to let security researchers prove their good faith. ZeroDisclo.com offers an efficient and ethical alternative to services that disclose vulnerabilities on the Internet and on the black market.

Founded in 2013, YesWeHack connects organizations or projects with IT security needs with skilled people.

Four interdependent platforms are available:

– YesWeHack Jobboard: the first job site specializing in computer security.
– Bounty Factory: the first European platform for Bug Bounties.
– FireBounty: Bug Bounties aggregator.
– ZeroDisclo: Vulnerability Reporting Platform.


Press contact: presse@yeswehack.com


BountyFactory.io: the first European platform for Bug Bounty

Computer security is a strategic challenge for all organizations and companies. Carrying out an inventory is essential to have an overall view of the situation. Security audits should be performed regularly and the costs are high.

Bug Bounty programs allow companies to outsource the search for vulnerabilities by collecting a significant number of security flaws, which are then reproduced and analyzed. This improves the code and guards against new risks.

With a good Bug Bounty program, a company can continuously check the security of its site or its applications. Hundreds of experts will test its sites and be rewarded (financially or otherwise).

Submitting your site to a Bug Bounty program is affordable. You can communicate about its security, and be both proactive and reactive when vulnerabilities arise.

By participating in Bug Bounties, security researchers apply their knowledge legally, are paid, enrich their network and enhance their expertise. YesWeHack launches the first European platform for Bug Bounty: BountyFactory.io.

BountyFactory.io is an easy way to secure your platforms.

To create their own Bug Bounty program, startups, large enterprise groups or project owners have to register on our platform. They have to define a scope, a reward and whether the program will be private or public.

Security researchers who are registered on BountyFactory.io then take note of the bug bounty program’s details.

When one of the hunters finds a bug within the scope, it has to be validated by the bug bounty initiator. Once it is recognized, the hunter is instantly rewarded and credited with skill points that raise his/her profile on YesWeHack.


About YesWeHack:

YesWeHack, launched in 2013, connects organizations or projects with IT security needs with qualified people.

Three interrelated platforms are available:

YesWeHack Jobboard: the first job site specializing in computer security.

Bounty Factory: the first European platform for Bug Bounties.

FireBounty: Bug Bounties aggregator.

YES WE HACK © 2017