
Data visualisation: Crowdsecurity in Europe by YesWeHack

2017 was an important year for YesWeHack, particularly with regard to Bug Bounty.

Below you will find an infographic presenting key data drawn from our BountyFactory.io platform over the past year.

As the 1st Bug Bounty platform in Europe, this is the first time that figures have been published.

We are proud to announce that 67% of the YesWeHack community of experts is European.

In 2017, thanks to our community of experts, more than 2000 bugs were reported, 40% of which were considered critical, with a CVSS score greater than or equal to 7.


Business incubator: Atalante Beaulieu

YesWeHack opens offices in Rennes and contributes to the cybersec ecosystem in Brittany

Since 2013, YesWeHack has grown continuously and is now expanding with new premises in the digital incubator at Cesson-Sévigné, in Brittany, the second “cybersec” region after Île-de-France.

The cybersecurity market is particularly attractive and draws both national and international customers. To meet the expectations of this demanding clientele, our team is growing and is moving into the digital incubator at Cesson-Sévigné.

The YesWeHack team now has dedicated premises where Romain LECOEUVRE (CTO), Laurent JOUANNIC (Business Development) and Nicolas DIAZ (Communication) will find it easier to cooperate and exchange with Breton decision-makers and project leaders.


The French Tech #Security #Privacy Thematic Network

Guillaume Vassault Houlière, CEO of YesWeHack, is one of the ambassadors of the French Tech #Security #Privacy Thematic Network.

The network's objectives are: to organise a Tour de France on the theme of “security & privacy” in order to bring the ecosystem together, and to develop and promote internationally the know-how of French cybersecurity players.

In particular, this tour will make it possible to continue raising awareness of security and personal data protection among users in companies (SMEs, mid-caps and large groups). This is one of the keys to a successful digital transformation.

One of the network's main missions is to identify startups focused on cybersecurity and personal data protection. The idea is to take an inventory of needs and to motivate “emblematic” entrepreneurs to become business angels and/or mentors.

Finally, the network and all its members promote the French Tech Accélération fund to entrepreneurs who are able to reinvest in the ecosystem.

Learn more about the roadmap

Open Source, NGOs & Hackers : Unity is strength

YesWeHack is definitely a group of passionate people who have all become professionals. As passionate people, we do have principles, and it is precisely these principles that keep us on the right path of our social, economic and financial development.

Some of you have noticed that we operate in a competitive world without forgetting our fundamentals.
We are willing to defend the common goods, mainly Internet neutrality, Press Freedom and Open Source (software & hardware).

To us, those 3 pillars – amongst others – are strong allies for Civil Society and especially for NGOs to defend and promote Human Rights.

This is the reason why we do care about helping NGOs and non-profit organizations who share the same principles.

Cooperation is good for all of us!

In 2017, our community of security researchers participated in 3 bug bounty programs powered by our Bounty Factory:

In June 2017, the first program was launched by OCCRP and it exposed one tool of the organization: VIS.OCCRP.org

As a matter of fact, OCCRP is involved in the original Panama Papers, Paradise Papers amongst many other projects.


Incentive Policy for Coordinated Vulnerability Disclosure

Assessment

For the past ten years or so, organizations have been trying to implement operational policies to avoid “Full Disclosure” reports or “Open Bug Bounty” whose methods are not that good in terms of honesty and responsibility.

Speaking of responsibility, you may be familiar with the notion of “Responsible Disclosure” and wonder how it differs from the concept of Coordinated Vulnerability Disclosure?

The concept of responsible disclosure has too often been at the root of endless discussions:

On the one hand, vendors protest: “Disclosing a vulnerability without providing patches is not responsible”.
On the other, “Not fixing this vulnerability as quickly as possible is not responsible”, say security researchers.

During this precious time when both sides argue, the system concerned is at the opponent’s mercy.

In order to move towards greater efficiency and to get out of sterile debates, it is therefore important to avoid speaking of “responsible disclosure”. This is why many organizations advocate the concept of “Coordinated Vulnerability Disclosure” (CVD) in order to promote and strengthen cooperation between the various actors in cybersecurity, all of whom have a common goal: Make the Internet safer.

Coordinated Vulnerability Disclosure


Incentive Policy for Coordinated Vulnerability Disclosure.

☄ Assessment

For the past ten years or so, organizations have been trying to put operational policies in place to avoid uncontrolled vulnerability reports and other “Full Disclosure” or “Open Bug Bounty” practices, whose methods leave much to be desired in terms of honesty and responsibility.

Speaking of responsibility, you may be familiar with the notion of “Responsible Disclosure” (as our English-speaking friends call it) and wonder how it differs from Coordinated Vulnerability Disclosure?

The concept of responsible disclosure has too often been at the heart of endless discussions:

  • on the one hand, vendors and publishers protest: “Disclosing a vulnerability without providing patches is not responsible”
  • and on the other, “Not fixing this vulnerability as quickly as possible is not responsible”, retort security researchers.

During this precious time while the parties bicker, the system concerned is at the mercy of the adversary, who takes advantage of it to do harm.

In order to move towards greater efficiency and to get out of sterile debates, it is therefore advisable to avoid speaking of “responsible disclosure”. This is why many organizations advocate the concept of “Coordinated Vulnerability Disclosure” (CVD) in order to promote and strengthen cooperation between the various actors in cybersecurity, all of whom have a common goal: making the Internet safer.

Coordinated Vulnerability Disclosure


Cybersecurity & Bug Bounty: Attack is the best form of defence

By Guillaume Vassault-Houlière | CEO of YesWeHack

Through our European platform BountyFactory.io, Bug Bounty is gaining respectability in France and Europe.

Bug Bounty is an innovative and operational practice from the United States that rewards security experts who find security flaws in IT systems.

Within a complex geopolitical context, Europe and France can compete in defending a European model of digital sovereignty.

In the light of new threats and given reports of organizations that are victims of piracy and irreversible damage, some innovative cyber security policies and approaches need to be adopted.

Cybersecurity is a powerful ally for leading digital transformation.


Confronting reality is the duty of every IT security professional

Interview of Stéphane Bourou | Technical Project Manager at Ercom

For 30 years, Ercom has developed a leadership position in the communications, data and terminal security markets.
This position is based on complementary technological expertise in Telco/cloud infrastructure, cryptography and software and on shared values: innovation, expertise, commitment and confidentiality.

Our products and expertise are recognized in France and internationally by major companies, customers, partners and certification entities.

All our solutions are certified or in the process of certification by ANSSI.

Two examples that illustrate Ercom’s expertise:


Qwant.com & BountyFactory.io to harden companies’ systems

Qwant.com’s Security & Privacy Fund is now real, and it aims at hardening companies’ systems through our BountyFactory.io!

Qwant has always believed that the development of online services should be done with maximum protection of the confidentiality of users’ personal data. That is why Qwant took a “privacy by design” and a “data minimization” approach from day one, which requires thinking preventively about the technical means and business models that generate as little risk as possible for the privacy of users.

Since 2014, thanks to YesWeHack founders, Qwant has created its bug bounty program.

Each year Qwant offers bounties to the vulnerability hunters gathered at La Nuit du Hack, in Paris. Those programs, run by the HackerzVoice & YesWeHack teams, have significantly helped Qwant to build up skills and to protect their users’ personal data even better.

And for the 15th edition of La Nuit du Hack, Qwant wants to offer other startups and organizations – thanks to its fund – the opportunity to challenge and increase the security of their services with the best hackers in Europe and in the world, to improve privacy on the Internet.

Qwant grants 10,000 euros to this fund, which will be used to pay bounties to hackers who discover vulnerabilities on the services of startups or associations that share Qwant’s ethical values.

Organizations that are selected to benefit from this fund will of course be supported in putting the bug bounty program together.

You can find all the necessary details to apply for this Privacy & Security Fund at the operation’s official website: https://hackmeimfamous.com/

Shall We Play A Game ? Yes We Shall ⠵

Yes We Hack is proud to be a Platinum Sponsor of the 15th “la Nuit du Hack” next June 24 & 25 \o/

The forthcoming Nuit Du Hack is about to gather more than 2000 people from all over Europe!

Check the schedule!

☠ ☠ ☠

A bit of History:

Originally, la Nuit du Hack was created by Paulo Pinto aKa CrashFR.

“La Nuit Du Hack” is one of the oldest French underground hacker events, bringing together professionals and amateurs of any skill level around lectures and challenges.

At the very beginning of la Nuit du Hack in 2003, the budget was lower than 1 k€.

Having started with 20 people, the event has never stopped growing, gathering more and more people, from amateurs to professionals.

Now, it has reached 170 k€ thanks to the HackerzVoice Team, Géraldine and almost 100 volunteers 🙂
