Cybermalveillance: French cyber awareness site to launch public bug bounty program



Adam Bannister

25 February 2020 at 16:10 UTC

Updated: 25 February 2020 at 16:18 UTC

Private program for Cybermalveillance.gouv.fr set to go public sometime in April

Rewards for high risk and critical flaws found in a French government website that supports cyber-attack victims are set to double when its bug bounty program goes public over the coming weeks.

A private program for Cybermalveillance.gouv.fr, a cyber-support site that was launched in 2015, has been running on YesWeHack since mid-December, with a public program mooted to go live on the France-based bug bounty platform during April.

Rewards for the discovery of high risk and critical flaws could rise from €400 to €800 and from €800 to €1,600 respectively, the website’s information systems manager told The Daily Swig.

“It is crucial for us to ensure a high level of security”, said Nicolas Laurent, information systems manager for GIP ACYMA (Le Groupement d’Intérêt Public Action contre la Cybermalveillance), which was founded in 2017 to manage Cybermalveillance.gouv.fr and help French citizens, businesses, and local authorities mitigate security risks and handle the fallout of cyber-attacks.

He added that the program’s focus was on preventing the theft of personal data, redirection of contact requests, and malicious modification of the site’s tools.


Cybermalveillance.gouv.fr features a step-by-step tool for diagnosing and remediating security problems, and putting cyber-attack victims in touch with relevant local service providers.

In scope for the program are the website’s publicly accessible areas, user account areas of both service providers and support seekers, and a tool for encrypting, uploading, and sending suspicious files for inspection by security experts.

Laurent says GIP ACYMA’s current invite-only program, which has about 30 participating bug hunters, has so far yielded reports of 15 vulnerabilities from two white-box penetration tests, seven of which have been fixed.

On the decision to make the program public, he said: “We wanted to open our application to more hunters and be able to share directly with them on the forum.”

GIP ACYMA was one of four organizations to participate in a live hacking event hosted by YesWeHack at the end of January.

“It was very interesting to see them working on our application before going into production,” said Laurent of the event, which was held at the 2020 Forum International de la Cybersécurité (FIC) in Lille, France.

“We talked about areas for improvement and corrected a new vulnerability.”

Paris-based YesWeHack was founded in 2013 to give organizations a “European alternative” to US bug bounty platforms like HackerOne and Bugcrowd, the company’s Rodolphe Harand told The Daily Swig last October.



