Thanks to the impressive work of our team, our Bug Bounty platform has been unveiled with new features for Program Managers.
So we would like to share with you the new features below 🙂
New program structure
We have reviewed the structure of the programs by adding several fields.
A « Scope » field to define its types and perimeters (links, webapp, iOS Apple Store, Android)
An « Out of scope » field if applicable
« Qualifying Vulnerabilities », which are eligible for a reward
« Non-Qualifying Vulnerabilities », which are not eligible for a reward
And a mandatory compensation grid based on criticality (Low / Medium / High / Critical)
Please update your Bug Bounty program by filling in the new fields to better manage your perimeter.
New report workflow
We have reviewed the workflow for qualifying bug reports.
It is said that a picture is worth a thousand words, so please take a look below:
[Optional] Free VPN
We offer all our customers a free VPN. It lets you provide hunters with a dedicated connection that meets your program’s legal framework, and it also lets you open up dedicated (IP-filtered) environments.
Each hunter now has a profile page that highlights all of their activity on the platform, including their ranking.
This allows YesWeHack’s client companies to select hunters and invite them to their programs based on their impact score or activities.
New report structure
The details of the bug reports have also been reviewed, providing more clarity to the program manager. The ergonomics of the tools used for qualifying reports have also been redesigned to offer you greater efficiency. These new program and report structures, combined with the provision of a public API, allow you to make the most of your vulnerability reports (DevSecOps).
We provide an API so that you can develop or connect your own tools.
Members at all levels
We have improved the granularity of member management. You can invite members to your business unit, but also to your programs and reports. The number of members is unlimited.
We hope that you will enjoy this new version as much as we do. Please be aware that we are still ready to listen to your feedback, questions and/or comments.