Clearly, Senator Nathalie Delattre continues to support the hacking community in Parliament. After having defended last June, without success, increased legal protection for ethical hackers who are whistleblowers, the elected representative of Gironde has just tried to pass a new provision.
This time, the amendment to the centrist senator’s 2024 finance bill concerned a tax credit for the benefit of ethical hackers. Nathalie Delattre proposed the issuance of a tax receipt for white hats who have reported to Anssi vulnerabilities relating to associations or non-governmental organizations.
Tax receipt
“A community of digital whistleblowers is developing ready to support and help associations and NGOs to protect themselves against cybersecurity attacks,” explained the senator in this amendment, also signed by seven other senators. The proposed tax receipt, with a maximum value of 1000 euros, aims precisely to “support this dynamic”. And the elected officials underline, without specifying their source, that half of the NGOs are victims of computer attacks or attempted attacks, a way of raising awareness of the urgency of the situation.
The senator’s suggestion, however, flopped, with the amendment ultimately withdrawn after an unfavorable opinion from the government as well as the general rapporteur. Nathalie Delattre’s previous amendment was also withdrawn, after the government promised her in session to improve the law of October 2016, which already protects ethical hackers, through the transposition of European texts in France .
Bug bounty
After remaining relatively confidential, “Bug Bounty” programs are now on the rise. The Ministry of the Interior, for example, called on Yogosha hackers last spring to test the protections of “My proxy”, an online electoral proxy request service.
The interministerial digital department has also just launched a hunt for vulnerabilities on the FranceConnect authentication portal with the company YesWeHack. The program provides rewards of up to 20,000 euros for flaws discovered allowing people to connect under a false identity on FranceConnect+, the new, more secure version of the gateway.