Security
Headlines
HeadlinesLatestCVEs

Headline

French government launches private bug bounty program for identity authentication app

Cryptographic skillset favored during hacker selection process

PortSwigger
#vulnerability#web#git#auth

Adam Bannister 13 June 2022 at 13:24 UTC

Cryptographic skillset favored during hacker selection process

The French government has launched an invite-only bug bounty program for its newly launched identity authentication application, ‘France Identité’.

Hosted by Paris-based ethical hacking platform YesWeHack, the program will eventually be opened up to all security researchers and then run for the mobile app’s lifetime, explains a YesWeHack blog post published today (June 13).

Around 30 ethical hackers were invited to start probing the application for security vulnerabilities from June 8.

RELATED Hack Me, I’m Famous: Bug bounty hackathon nets security researcher €10,000 overnight

Selim Jaafar, head of customer success at YesWeHack, told The Daily Swig: “For this first step in a private program, we helped France Identité to select researchers having specific skills on the technologies used by the application; especially in the domain of cryptography, which is at the heart of this service.”

In phase two of the program, starting on a yet-to-be-confirmed date, a second group of researchers will be invited to join the program before it is eventually relaunched as a public undertaking.

Digital ID

The France Identité application allows French citizens to validate their identity when using government services or travelling overseas by sending secure, single-use digital identity documents.

The mobile app was launched earlier this year to complement France’s new electronic identity cards, which replaced their non-digital predecessors in August 2021.

Currently in beta mode, the app will also support passports and residence permits by the end of 2022.

Read more of the latest bug bounty news

The France Identité bug bounty program is jointly managed by the state secretariat for digital affairs and French ministries of the interior, justice, and transformation and public service.

YesWeHack already has experience of managing bug bounty programs for French government entities, including the French Ministry of Defense, Digital Transformation Agency, a French government website that supports cyber-attack victims, and a Covid-19 contact tracing app.

In this month’s Bug Bounty Radar, The Daily Swig also revealed the launch of a new YesWeHack program by Quebec’s Ministry of Cybersecurity and Digital.

YOU MIGHT ALSO LIKE Vast majority of ethical hackers keen to spend more time bug bounty hunting – report

PortSwigger: Latest News

We’re going teetotal: It’s goodbye to The Daily Swig