ECSO Member popularises hackers getting paid to attack companies
ECSO Member YesWeHack’s services have already been used by the Quebec government, the Swiss Post Office, Doctolib and many others. The principle of this French start-up is counter-intuitive: companies or administrations pay to be attacked by experienced hackers.
The objective is to uncover the security flaws in the information systems so that the gaps can be plugged and real attacks avoided. YesWeHack popularised penetration testing by adding two essential components to it: a platform, a site to which companies can connect to launch their bug bounty, and a crowdsourcing dimension (participatory production) that allows research teams to scale massively.
How do these Bug Bounties work?
Hackers, called cybersecurity researchers, register on the platform and challenge the community of hackers. YesWeHack lists 40,000 of them, handpicked from 150 countries. Depending on the flaws they discover in the computer networks of client companies, these hackers are paid rewards of varying amounts. The largest reward offered so far is $250,000.