My nickname is Onemore and I am a core-hunter of the YesWeHack private Team.
I’ve been hunting for bug bounties since 2012.
As a core-hunter for YesWeHack.com, my job is to spot talents and ask them to join us.
Even if our recruitment is subject to a co-optation process, i do have some criteria that help me spotting and rating new applicants.
In order to level-up the degree of trust, we need to apply some criteria for recruiting of our core hunters.
Those criteria are based on skill, level, openness, ethics, without omitting the ability to produce clear and relevant reports.
In terms of languages, the basic expected knowledge trio is the following : Python, PHP and JS. Obviously, this implies that hunters are to keep on learning other languages and techniques.
Before going public, the bug bounty programs are supposed to be private because our very important customers demand legal framework and concise scope.
The very core of our private team respects the following motto :
Legal conditions demand loyal and trustworthy people.
Based on this code of conduct : only 10 hunters are part of our Private team out of 1200 hunters registered on YesWeHack : 7 are professional pentesters and 3 are from different backgrounds.
Our expertise is not focused on massive hunting but on our efficiency :
Quality Of Service is prior to a huge amount of hunters
Last but not least, our platform responds to norms like ISO 27001. Moreover, our General Conditions of Contract have been reviewed and approved by legal team from namely OVH and Orange.
& Our Bug Bounty Platform is now fully certified (ISO27001, SOC 1 type II, SOC 2 type II..etc) More information here ! 2/2
— bountyfactoryio (@bountyfactoryio) 15 septembre 2016