It is better to be certain of the online security of sensitive sites. The Ministry of the Interior has called on hackers from the Yogosha company to test the digital protections of “MaProcuration”, the electoral proxy request service, the ethical hacking company has just indicated on its site.
No critical flaws discovered
This bug bounty, these hunts for the vulnerabilities of a consenting target organized by a platform bringing together ethical hackers, lasted two months. It “made it possible to discover several flaws”, explained, without really detailing them, David Crochemore, head of the digital transformation mission at Place Beauvau. “That said, the flaws were neither numerous nor critical, which demonstrates that we had worked seriously,” he added.
The MaProcuration service, set up in 2021, makes it possible to partially dematerialize the procedure for applying for an electoral proxy. It allows, after being authenticated with FranceConnect, to complete the administrative formalities online. But then you have to go to a police station or a gendarmerie to have your identity checked.
Tens of thousands of reports submitted
As Yogosha reminds us, the bug bounty does not replace other forms of audits, such as intrusion tests, but it complements them. “Hackers bring [une] additional layer of security, by intervening throughout the development and life cycle” of digital projects, specifies the company.
Yogosha also counts, for example, the airport specialist Groupe ADP among its customers or French communities, which had their business software tested last year. The company explained last year that it had passed the tens of thousands of vulnerability reports submitted on the platform by the selected ethical hackers, a figure to be compared to the performance of the market leader, HackerOne, which claims to have unearthed more than 65,000 faults in 2022.