YesWeHack, Europe’s leading Bug Bounty company announces the launch of YesWeHack EDU, the world’s first Bug Bounty education platform dedicated to cybersecurity training.

YesWeHack EDU creates a training ecosystem for best practices in cybersecurity, meeting the growing need for talent in this sector.

Taking advantage of recognized expertise in Coordinated Vulnerability Disclosure (CVD), as well as a unique ecosystem of customers and researchers, YesWeHack EDU trains its users to detect security vulnerabilities in realistic scenarios, in identical contexts to what exists today in production within companies and organizations.

“Cybersecurity is both an economic and societal issue, and this sector suffers from an imbalance between the state of the threat and the market’s defence capabilities,” commented Guillaume Vassault-Houlière, co-founder of YesWeHack. He adds: “To remedy this situation, the capacity of public and private actors to detect and correct shortcomings in a professional and ethical manner must be rapidly strengthened – This requires specialized profiles training and better information sharing. »

YesWeHack EDU is aimed at cybersecurity curriculums in schools and universities and more broadly at all European IT curriculums (e.g. development, big data, etc.) that want to accelerate the sharing of quality datasets.

YesWeHack EDU’s educational approach first encourages emulation through gamification and the involvement of each student in securing their institution. Above all, it opens up prospects for future developers towards promising specializations such as DevSecOps, Data Scientist, Security Analyst, etc. Finally, YesWeHack EDU facilitates the implementation of collaborative projects and cross-functional initiatives between academic institutions and the private sector.

“According to a study published by Gartner, 50% of companies worldwide are expected to use Bug Bounty by 2022, compared to 5% today. We are launching YesWeHack EDU to address the talent shortage faced by the cyber security industry. This program provides the academic community with a sophisticated training platform to professionalize vulnerability management and to train for new cyber jobs, such as DevSecOps, Big Data, SOAR, etc. ” explains Guillaume Vassault-Houlière, CEO & Co-founder of YesWeHack.

YesWeHack will rely on its partner IT-Gnosis, who will provide YesWeHack EDU to schools and universities globally.

Available throughout Europe, the YesWeHack EDU platform is aligned with the SPARTA consortium initiative, of which YesWeHack is a founding member, that aims to strengthen both innovation and research in cybersecurity at the European level.

Hey, we just wanted to greet the talented hacker community using our plateform and reward them for their skill.

Last week we’ve began unrolling a reward system, beginning with achievement posters.

Some of you yet received them in a postal parcel, please bear with us while they travel around the globe 😉

The reward grid is as follow:

WEREWOLF
This achievement is awarded to hackers staying on top of the leaderboard for more than 3 months

---

2 Hackers had unlocked this achievement.

SAPIENS
This achievement is awarded to hackers having submitted a valid report each month for 12 months

---

4 hackers had unlocked this achievement

SURGEON
This achievement is awarded to hackers winning the max reward on a program

---

22 hackers had unlocked this achievement

DOZER
This achievement is awarded to hackers validating 10 reports on the same program

---

28 hackers had unlocked this achievement

EMPEROR
This achievement is awarded to hackers staying on the leaderboard’s top 5 for 12 months

---

2 hackers had unlocked this achievement

WARLORD
This achievement is awarded to hackers staying on the leaderboard’s top 5 for 6 months

---

4 hackers had unlocked this achievement

KING OF THE HILL
This achievement is awarded to hackers staying on the leaderboard’s top 5 for 3 months

---

7 hackers had unlocked this achievement

Next batch is in 3 months, KEEP HACKING! 😉

We hope those humble rewards will please you, get in touch with a private message on our twitter account for any follow-up needed on this matter.

Again, Thank you, you’re awesome.

We have recently been questioned on how our ranking point system works and how report quality is evaluated.

Our system has evolved quite a lot since inception, and some new report quality rating features have been added.

1- Triaging

The first step of a bug report life cycle is being ( hopefully ) accepted as valid by the program owner, otherwise it is classified as invalid and receives an additional qualification that eventually can lead to a negative rating, as illustrated below:

Note that a valid report can be triaged again as ” Informative ” or ” Won’t Fix ” after validation and before being accepted.

2- Accepted stage

Now that your shiny report has been accepted by the program owner, congratulations, you are now eligible for a reward.
But how are your ranking points calculated exactly?

a – Bounty

Depending on the bounty your report matches, you will be rewarded with ranking points:
– 15 POINTS for every bounty inferior to 500€
– 25 POINTS for every bounty from 500€, to 2000€
– 50 POINTS for every bounty superior to 2000€

b – Quality rating

The program owner can also reward the quality of your report and attribute 1 to 5 additional ranking points.

c – CVSS scoring bonus

Again, the program owner can give you 1 additional point if your report CVSS scoring falls right.

As summed-up in this chart:

You get 7 additional points for a resolved bug, a big thank you.

3- The big picture.

Finally we’ve stitched it all inside a single graph for your convenience.
Is our ranking system clearer?

You can refer to our leader-board to discover the hunters top 100

YesWeHack – Europe #1 bug bounty platform – has announced that it is opening an office in Singapore. The new office is part of YesWeHack’s fast-growth strategy for its international activities following a €4 million fundraising at the start of the year.

YesWeHack is consolidating its global positioning in a sector that will transform the cybersecurity industry over the next five years.

Kevin Gallerin has been appointed Managing Director APAC to develop YesWeHack’s strategy in Asia. Having spent more than ten years in the region, he knows the Asian cybersecurity market inside out, having notably participated in the launch of CERT-LEXSI in Singapore.

Cybersecurity is an urgent and major societal challenge. Highly correlated with the digitalization of our societies, cyberthreats have an increasing impact on our lives. It is therefore essential to ensure digital security and strategic autonomy of the EU by strengthening leading cybersecurity capacities. This challenge will require the coordination of Europe’s best competences, towards common research and innovation goals.

SPARTA is a novel Cybersecurity Competence Network, supported by the EU’s H2020 program, with the objective to develop and implement top-tier research and innovation collaborative actions. Strongly guided by concrete challenges forming an ambitious Cybersecurity Research & Innovation Roadmap, SPARTA will setup unique collaboration means, leading the way in building transformative capabilities and forming a world-leading Cybersecurity Competence Network across the EU. From basic human needs (health) to economic activities (energy, finance, and transport) to technologies (ICT and industry) to sovereignty (eGovernment, public administration), four research and innovation programs will push the boundaries to deliver advanced solutions to cover emerging challenges.

The SPARTA consortium, led by CEA, assembles a balanced set of 44 actors from 14 EU Member States, including ANSSI, Institut Mines-Télécom, Inria, Thales, and YesWeHack for France, at the intersection of scientific excellence, technological innovation, and societal sciences in cybersecurity. Together, along with SPARTA Associates, they aim at re-imagining the way cybersecurity research, innovation, and training are performed in Europe across domains and expertise, from foundations to applications, in academia and industry.

In sharing experiences and excellence, challenges and capabilities, SPARTA makes decisive contributions to European strategic autonomy.

***

Follow SPARTA – Cybersecurity Competence Network –
on Twitter @sparta_eu

Building Trust at the core of digital transformation.

La Banque Postale puts its customers’ interests above all.

Through the creation of platform58, La Banque Postale asserts its willingness to strengthen its digital transformation for both its employees and customers.

Cybersecurity being a pillar of digital transformation, YesWeHack is looking forward to mobilizing its community in order to improve the banking industry global security.

The banking industry sees itself at a pivotal moment. The expectations of our customers but also of our employees, the rise of new disrupting techs and emerging players, require us to design a more open banking platform. With platform58, a strategic project for La Banque Postale, we embrace this change by creating a French FinTech & InsurTech ecosystem embodying our banking and civic values. We build together (start-ups, customers, partners, etc.) the bank and insurance of the future.

Remy Weber, Chairman of La Banque Postale’s Executive Board.

YesWeHack is delighted to be one of the first 7 start-ups to be hosted by platform58.

platform58 provides support and hosting for start-ups developing solutions in the fields of banking, insurance, technology, but also finance-related services, such as big data, health and education.

The platform58 incubator will offer selected start-ups (max. 10 per year) tailor-made support by experts and managers of La Banque Postale, with no equity investment and no time limit. Other actors, in particular CNP Assurances, 50 Partners1, Visa, EY, TelecomParisTech, 1000Mercis, and Startway will contribute to the success of start-ups.