Can you introduce us briefly to Treebal?
Treebal is an eco-friendly instant messaging application that protects both the planet and its users’ data. It contributes to reforestation projects throughout the world. This green focus was a founding strategy of the organisation in order to minimise the impact on the environment. Treebal is a secure app that guarantees the confidentiality of its users’ data. You can learn more about the technical solution here.
Why did you decide to launch a Bug Bounty program?
After several years of working with institutional cybersecurity companies, we realised that the Treebal project required a more specific approach. The Treebal instant messaging solution is designed for a broad audience with high visibility. With this in mind, we needed to explore innovative, new auditing methods that could meet demanding security requirements. A bug hunter community was the best way to test the solution.
We chose YesWeHack because we wanted to involve the local French digital ecosystem in our cybersecurity strategy. We were also impressed by YesWeHack’s market reputation. Our first step was a private program comprising several ethical hackers selected in partnership with the YesWeHack Customer Success team. With the support of the Customer Success team, we were able to get our program up and running extremely quickly. We collaborated with YesWeHack on qualifying and non-qualifying vulnerabilities, and on mastering bounties and first reports.
You are now expanding your private program into a public Bug Bounty program. What motivated this move?
Given the encouraging results from the private program, we are increasing the number of ethical hackers every month. The reports we have received all confirm the maturity of our solution. The obvious next step is to go public. A public program provides more transparency to our users and also allows us to open it up to any ethical hacker wishing to test our solution.
Any advice for startups considering the launch of a Bug Bounty program?
Use the network power of a Bug Bounty platform to secure your systems. Nothing is safer and more effective than a community of ethical hackers to test your assets against cybersecurity threats. YesWeHack’s support also allows you to keep the Bug Bounty budget under control.
Check Treebal’s Public Bug Bounty program here.
Founded in 2015, YesWeHack is a Global Bug Bounty & VDP Platform.
YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 25,000 cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.YesWeHack runs private (invitation based only) programs and public programs for hundreds of organizations worldwide in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers: support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.
Interested in a demo or you want to discuss crowdsourced security with our experts?