Open Source, NGOs & Hackers : Unity is strength


YesWeHack is definitely a group of passionate people who all have become professionals. As passionate people, we do have principles and it is precisely these principles that keep us on the right path of our social, economic and financial development.

For some of you, you’ve been noticing that we are operating in a competitive world without forgetting our fundamentals.
We are willing to defend the common goods mainly the Internet neutrality, Press Freedom, Open Source (software & hardware).

To us, those 3 pillars – amongst others – are strong allies for Civil Society and especially for NGOs to defend and promote Human Rights.

This is the reason why we do care about helping NGOs and non-profit organizations who share the same principles.

Cooperation is good for all of us !

In 2017, our community of security researchers participated in 3 bug bounty programs powered by our YesWeHack Bug Bounty Platform :

In june 2017, the first program was launched by OCCRP and it exposed one tool of the organization :

As a matter of fact, OCCRP is involved in the original Panama Papers, Paradise Papers amongst many other projects.

As one of the world’s largest investigative reporting organizations, OCCRP is very concerned with security of their journalists and sources.

With this in mind, OCCRP started a bug bounty program with YesWeHack !

In October 2017, OCCRP did it again by submitting another scope made of Open Source components namely : Django, Ember.js, Bootstrap 3, PostgreSQL , Oauthlib.

  • The Investigative Dashboard (ID) is a platform of tools and services that help journalists to follow the money and uncover corruption. At its core are IDresearch requests, a request tracking mechanism that allows journalists to get help from one of OCCRP’s experienced researchers.

We have chosen YesWeHack based on a recommendation, and we are happy to say that YesWeHack went beyond what we had expected or hoped for.
Michał “rysiek” Woźniak, Chief Information Security Officer from

Collaboration between OCCRP and YesWeHack results in this page 🙂


As for the third bug bounty program, it was launched in October 2017 thanks to Reporters Without Borders and aimed at hardening a brand new project for investigative journalism called

  • Forbiddenstories is a collaborative journalism network devoted to keep stories alive and to publish the work of journalists if they are no longer able to do it themselves. At times, journalists have been killed, jailed or threatened.

Investigative journalism is about providing information on crucial issues such as the fight against corruption, environmental protection and human rights. To accomplish this mission and in particular through ForbiddenStories, cooperation with YesWeHack has proven to be obvious because ethical hackers help us to better secure our means of communication and therefore our data.
Laurent Richard | Spokesperson of

So truly, YesWeHack is honored and proud to help ForbiddenStories for this project is willing to use above all Open Source Software like WordPress, SecureDrop, GNUPG, Signal.


Unity is Strength and beyond those examples, YesWeHack has been working with several organizations that improve Open Source. For security reasons, as you may guess, we cannot give details concerning those private bug bounty programs 🙂

No worries, if your project is non-profit and made of Open Source bricks we would be glad to drop all the fees we charge for usual bug bounty program.

Give it a try & please drop a line to 🙂