The French government has launched an invite-only bug bounty program for its newly launched identity authentication application, ‘France Identité’.
Hosted by Paris-based ethical hacking platform YesWeHack, the program will eventually be opened up to all security researchers and then run for the mobile app’s lifetime, explains a YesWeHack blog post published today (June 13).
Around 30 ethical hackers were invited to start probing the application for security vulnerabilities from June 8.
Selim Jaafar, head of customer success at YesWeHack, told The Daily Swig: “For this first step in a private program, we helped France Identité to select researchers having specific skills on the technologies used by the application; especially in the domain of cryptography, which is at the heart of this service.”
In phase two of the program, starting on a yet-to-be-confirmed date, a second group of researchers will be invited to join the program before it is eventually relaunched as a public undertaking.
Digital ID
The France Identité application allows French citizens to validate their identity when using government services or travelling overseas by sending secure, single-use digital identity documents.
The mobile app was launched earlier this year to complement France’s new electronic identity cards, which replaced their non-digital predecessors in August 2021.
Currently in beta mode, the app will also support passports and residence permits by the end of 2022.
The France Identité bug bounty program is jointly managed by the state secretariat for digital affairs and French ministries of the interior, justice, and transformation and public service.
YesWeHack already has experience of managing bug bounty programs for French government entities, including the French Ministry of Defense, Digital Transformation Agency, a French government website that supports cyber-attack victims, and a Covid-19 contact tracing app.
In this month’s Bug Bounty Radar, The Daily Swig also revealed the launch of a new YesWeHack program by Quebec’s Ministry of Cybersecurity and Digital.
Source: https://portswigger.net/daily-swig/french-government-launches-private-bug-bounty-program-for-identity-authentication-app