LAUNCH A PROGRAM

Easily run programs tailored to your needs.

YesWeHack crowdsourced bug bounty services include

01.
Set up your program and define, with our help:

– Scope of your penetration tests: website or mobile application, cloud infrastructure, connected object, etc.
– Authorized tests (excluding denial of service, for instance) and qualifying vulnerabilities, such as remote code execution, cross-site scripting, etc.
– Hunters' reward/payout grid.

YesWeHack guides you at every step of your Bug Bounty program, drawing on its unique experience gained from managing hundreds of different programs.

02.
Submit your program to our hunters: private or public

– Private program: to a team of hunters chosen by you with our help, according to the specific requirements of each program.
– Public program: to the entire YesWeHack community.

YesWeHack helps you select – or selects for you – the white hat hackers best suited to your needs, in order to ensure your program's performance, according to our hall of fame.

03.
Collect vulnerabilities

– Qualify and validate vulnerabilities reported by researchers. Each vulnerability is filed through a predefined template.
– Set the severity level based on CVSS.
– Reward the researcher according to vulnerability severity and report quality.

YesWeHack platform helps you manage relationships with researchers.

04.
Verify patch

– Fix the vulnerability and ask the hunter to check whether the remediation is effective.

YesWeHack dashboards provide KPIs to manage your programs efficiently.

Take a step by step approach

Since its launch in 2013, YesWeHack has been running hundreds of programs of all sizes in a wide variety of contexts. Our team leverages this unique expertise to guide you at every phase of setting up, launching and running your programs. We thus guarantee your programs' performance, tailored to your risk objectives – and your budget. Start with a limited scope and a small group of hunters, and prepare to scale up progressively when you're ready.

Frequently asked questions
How to define the scope of my first Bug Bounty program?

To launch your first program, we advise you to start with a limited scope that you know well and that has previously been hardened. Once you have feedback from this first experience, YesWeHack support helps you step up gradually by expanding and/or adding scope, making rules more flexible, and/or increasing the number of researchers.

How to select researchers participating in a private program?

YesWeHack helps you choose the number and profiles of researchers best suited to your needs: technical and functional environment of the scope to be tested, specific skills required, maturity/complexity of the scope, budget of your program, etc. YesWeHack therefore guarantees: 1/ the attractiveness of your program: that the selected researchers are as active as possible; 2/ its performance: that they find as many relevant vulnerabilities as possible; and 3/ its budget: that you stay within your financial constraints and don't overpay for vulnerabilities.

How are the researchers rewarded?

For each vulnerability, only the researcher who submitted the first valid report is rewarded. Researchers are rewarded according to a predefined grid for each program: the severity level of the vulnerability, as qualified by the client, determines the amount of the reward. Points are also awarded, in particular according to the quality of the report and the remediation. These points allow researchers to climb in our ranking, and thus encourage them to provide a high-quality experience to the client.

How to define and control your Bug Bounty budget?

YesWeHack supports you at every phase of building, launching and monitoring your program so that your program rules (scopes, rules, reward grids, number and profile of researchers) are consistent with your planned budget.

How can you ensure the attractiveness and performance of your program over time?

If YesWeHack detects a lack of attractiveness or a decrease in the performance of a program, our support recommends rule adjustments accordingly. This adjustment generally involves:

  • scope of the program: it may be too restrictive, or already heavily hardened by previous audits or bug bounty programs.
  • number and profile of researchers: in a private program, the teams are regularly renewed or expanded.
  • reward grid: it must sometimes be updated according to the complexity of the vulnerabilities to be discovered.