Bugbop

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide to tens of thousands of ethical hackers, who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure. The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ and YesWeHackEDU (ethical hacking training). YesWeHack's services have ISO 27001 and ISO 27017 certifications, and its IT infrastructure is hosted by EU-based IaaS providers, compliant with the most stringent standards: ISO 27001 (+ 27017, 27018 & 27701), CSA STAR, SOC I/II Type 2 and PCI DSS.

Open Bug Bounty project enables website owners to receive advice and support from security researchers around the globe in a transparent, fair and coordinated manner to make web applications better and safer for everyone’s benefit. Open Bug Bounty’s coordinated vulnerability disclosure platform allows any security researcher reporting a vulnerability on any website as long as the vulnerability is discovered without any intrusive testing techniques and is submitted following responsible disclosure guidelines. The role of Open Bug Bounty is limited to independent verification of the submitted vulnerabilities and proper notification of website owners by all available means. Once notified, the website owner and the researcher are in direct contact to remediate the vulnerability and coordinate its disclosure. At this and at any later stages, we never act as an intermediary between website owners and security researchers.