Ethical hackers: YesWeHack infiltrates cybersecurity

What do the Government of Quebec, Swiss Post and Doctolib have in common? All of them have used the services of YesWeHack, a French start-up that has been turning the world of cybersecurity upside down for some time with its bug bounty technique – literally “bug bonus”. The principle is counter-intuitive: companies pay to be attacked by seasoned hackers. But it’s not just any hackers: some 40,000 cybersecurity researchers from 150 countries have been handpicked by YesWeHack teams. These are rewarded with bonuses based on the flaws they discover in the computer networks of client companies.

The highest reward is currently $250,000. It is proposed by the Swiss Confederation, which challenges ethical hackers to vote fraudulently on its electronic electoral platform. “We popularized the penetration test”, decrypts Guillaume Vassault-Houlière, co-founder of YesWeHack with Manuel Dorne in 2015. This French cybersecurity veteran has added two essential components to this technique often used in the industry: a platform, a site to which companies can connect to launch their bug bounty, as well as the crowd-sourcing dimension (participatory production) allowing the consolidation of research teams.

Read alsoCyberattacks, bugs… Immersion in the daily life of ethical hackers, these white knights of the net

Facing the Anglo-Saxon giants

The French champion presents itself as a very serious alternative to Anglo-Saxon solutions such as those of the Australian Bugcrowd or the American HackerOne, launched in 2012 at the initiative of the Internet giants. “They have a weakness: they grow too quickly, judge Rodolphe Harand, CEO of YesWeHack. They bet everything on communication and marketing while we prefer to keep an artisanal dimension that allows us to provide a solution adapted to each client company. .” By way of comparison, the French has almost three times fewer researchers registered on its platform than the giant HackerOne. But the strategy seems to pay off since the Gartner firm gives it the best score in its sector study.

“We spoke with people who are themselves security researchers, unlike other platforms where we spoke with sales representatives who had a fairly limited understanding of security,” attests a customer interviewed in the survey. .

Read alsoFrench-style cybersecurity is finally structuring its ecosystem

Conquering Asia

The French start-up has also managed the feat of raising 20 million euros in an industry where investors are still often cautious, observes a good connoisseur of the sector. The sum allowed them to push the fires internationally, which now represents more than half of the turnover of more than 10 million euros.

YesWeHack has offices in a dozen countries, notably in Dubai and Singapore, where it employs around fifteen specialists who roam throughout Southeast Asia: Lazada, the Singaporean e-commerce giant, or the telecom equipment manufacturer Chinese ZTE are among its customers. This geographical expansion should allow the small French to maintain its rank against the large Anglo-Saxons. Even to tease them in their square meadows.