YesWeHack x Sovereign Tech Fund: Bug Bounties and FOSS

Sovereign Tech Fund Panel Discussion on Bug Bounties and Open Source

Bug Bounties in Open Source: A Panel Discussion

We're delighted to attend the upcoming Sovereign Tech Fund event on September 30th in Berlin!

This special evening will showcase the release of Dr. Ryan Ellis's report, "Bug Bounties and FOSS: Opportunities, Risks, and a Path Forward" which was commissioned as part of the Bug Resilience Program.

The event will feature a panel discussion, including our very own VP of Product, Aïmad Berady, who will delve into the key takeaways from Dr. Ellis's research.

Joining the conversation will be Dr. Ellis himself, Amir Montazery from OSTIF, Yona Raekow from BSI, and Lars Francke from Stackable. Together, they will explore the public sector's role in Bug Bounty Programs and discuss the risks and opportunities that arise from publicly funded security initiatives for open source projects. The panel will be moderated by Tara Tarakiyee from the Sovereign Tech Fund.

This is an invite-only event. If you’re a policymaker, researcher, or industry professional interested in cybersecurity and open source development, please reach out to: bugresilience@sovereigntechfund.de

More details about the agenda can be found here.

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure.

Bug Bounty programs benefit from in-house triage, personalised support, a customisable model and results-based pricing. Clients include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ (ethical hacking training).

YesWeHack complies with strict security, financial traceability and privacy requirements. YesWeHack’s services are ISO 27001- and ISO 27017-certified and accredited by CREST. YesWeHack’s infrastructure uses EU-based, GDPR-compliant private hosting that meets the most stringent standards: ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC II Type 2. The YesWeHack platform is also permanently subject to a public Bug Bounty Program.