YesWeHack ensures the continuous security of France’s COVID-19 contact tracing app

May 26, 2020

Developed by a consortium of public and private actors, the application aims to ensure reliable contact tracing as France progressively loosens the country-wide lockdown. Following a recommendation from France’s national cybersecurity agency, the StopCovid project team has opted for the highest possible transparency and security for the app users. YesWeHack’s community of ethical hackers will aim to identify every potential weakness in the app. Those vulnerabilities are reported directly to the StopCOVID project team.

With this innovative security approach, the StopCovid project team underlines the importance of information security and data protection in the fight against COVID-19. France is also the first country to secure its contact tracing app through bug bounty.

Continuous security check in two phases

The security audit of the StopCovid contact tracing app in France starts today as a private Bug Bounty program with 20 European ethical hackers selected from the YesWeHack community. The app is to be launched in June. By debuting the bug bounty before the app’s official release, the consortium ensures StopCovid will provide the best possible security to its end users. Once the app is released, the Bug Bounty program will go public—the vulnerability hunt will open to all ethical hackers, thus harnessing the combined efforts and insights of YesWeHack’s 15,000-plus strong community.

Every vulnerability will be reported through YesWeHack directly to the StopCovid project team. Each report contains both the specific detail of the vulnerability and suggestions for remediation to speed up fixing.

By mobilising the YesWeHack ethical hacker community, swarm intelligence and continuous security audit strive to ensure an optimal security level for France’s contact tracing app. A proven, turnkey approach befitting all types of organisations in their aspiration to repel brazen cyber criminals, bug bounty continues to revolutionise Information Security.

YesWeHack continues to guarantee the security of essential digital assets

YesWeHack is a long-standing partner of government agencies, including the French Ministry of Defense, the Direction interministérielle du numérique (see the program), France’s digital transformation agency, and the French platform for prevention and assistance to victims of cyberattacks (see the program). Also, Europe’s Bug Bounty leader brings together companies from around the world that seek to improve the security of their digital assets thanks to ethical hackers. Those receive a bounty (a reward) for security flaws they identify.

The development of the StopCovid contact tracing app is carried out free of charge by all parties involved. Thus, YesWeHack will bear the cost of the bounties to be awarded.

“As a critical part of the our country’s toolset against COVID-19, it is vital that our data is safe from cyberthreats. We are proud to be able to contribute to reinforce security in the current exceptional situation,” says Guillaume Vassault-Houlière, CEO and co-founder of YesWeHack.

About YesWeHack: Founded in 2013, YesWeHack is the #1 European Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands cyber-security experts (ethical hackers) across 120 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private (invitation-only) programs, public programs and vulnerability disclosure policies (VDP) for hundreds of organizations worldwide in compliance with the strictest European regulations.

Should you require further detail, please get in touch with