Version 2.0 of YesWeHack Tracker is packed with new integration features to help DevSecOps teams identify, track, and triage bugs faster and more securely. Gilles Yonnet, Deputy CTO, YesWeHack, explores the highlights of this turn-key vulnerability management and bug tracking integration solution.
Faced with fast disruptive change, organizations need to innovate faster – or risk being overtaken by new, nimble, and leaner competitors. DevSecOps plays a vital role here, baking security into the software development workflow, for the accelerated roll-out of trusted code and ultimately the faster launch of new products and services.
Every forward-thinking DevSecOps strategy has one or more bug tracking tools in its armory, to track and triage bugs during the development lifecycle and shield software from cyber-attacks. Too often, however, the integration between bug trackers and a vulnerability management solution like Bug Bounty can be slow and labor-intensive, undermining the agility and collaboration demanded by developers. The user experience can be unintuitive, for example, or the workflow can require excessive manual intervention.
This is where the YesWeHack Tracker 2.0 comes in. In the spirit of constant improvement, our Tracker 2.0 provides turnkey, seamless, and secure integration with your preferred bug tracking toolset, boosting the strength and scope of your vulnerability management strategy.
Developed in close consultation with our customers, Version 2.0 is geared to helping DevSecOps teams work faster and smarter. It is packed with new integration functionality to connect with deployed bug trackers more easily and communicate vulnerabilities, remediate issues, and ensure swift bug resolution and closure. It supports GitHub, GitLab, Jira, and Jira Cloud bug trackers, and support for additional trackers will be announced in the coming months.
Version 2.0 includes:
✔️ Complete, timely, automated reporting: Security and development teams have all the data associated with vulnerability reporting at their fingertips to triage vulnerabilities using their chosen bug tracker(s). There’s no manual copying and pasting of content – teams are connected to a synchronized, complete view of the workflow and data.
In version one, for example, Bug Bounty program managers could only ‘push’ vulnerability reports. Now they can ‘push’ comments as well as the reports themselves – whether it is tips on how to reproduce the vulnerability or how to fix it. A complete historical log of those exchanges also offers traceability while ensuring nothing is overlooked.
✔️ Enhanced control and security: Our Tracker 2.0 is made with security in mind. Managers have complete control over what information is disclosed – and to whom. In situations where developers do not have access to the relevant vulnerability, for example, managers can determine what information they wish to disclose, reducing friction and delays between application and security teams.
For added security, YesWeHack Tracker 2.0 is also non-invasive: it doesn’t push information from YesWeHack to the customer server; it pulls it. This way, the customer doesn’t need to allow a dedicated incoming connection through their firewall.
✔️ Ease of use: Version 2.0 features an intuitive GUI, helping users to create, modify and validate/test configurations. Our Tracker 2.0 also integrates easily with GitHub, Jira, and other supported bug tracking tools without additional configuration: all you need are your log-in credentials and project identifiers.
The development doesn’t stop there. YesWeHack will shortly announce a bi-directional capability, enabling teams to collaborate seamlessly with one another on vulnerability reports, comments, feedback and other insights.
Founded in 2013, YesWeHack is a Global Bug Bounty & VDP Platform.
YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands of cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and report vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private (invitation-only) programs and public programs for hundreds of organizations worldwide in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers: support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.