Skip to main content

This joint bug bounty allows to test the softwares most used by French local authorities. The objective: to uncover vulnerabilities and strengthen the digital security of cities and citizens.

Since June and until December, about fifty elite Yogosha hackers – some of whom are cleared by the Ministry of the Interior – will work together to strengthen the cybersecurity of local authorities.

The goal? Detecting vulnerabilities in the fifteen applications most used by French cities, selected by the CISO Club and COTER Numérique. A software for managing waiting lines, an administrative platform for registering in day care centers … Softwares used in all the country. With a single operation, the security of all citizens is therefore reinforced.

A single bug bounty to secure all municipalities, funded by the France Relance plan

The mutualization of this bug bounty program makes it possible to reinforce, in one fell swoop, the digital security of all local authorities without them having to incur individual expenses. The operation was financed up to 70% by the cybersecurity segment of the France Relance plan, with the support of the ANSSI and the particular involvement of :

  • the city of Boulogne-Billancourt and its CIO, Christophe Vergeron;
  • the city of Chelles and its CIO, Antoine Trillard;
  • Toulouse Métropole and its CISO, Grégory Bouet;
  • the CISO Club with Philippe Steuer, CISO of Bordeaux Métropole.

In addition to the benefit of mutualizing the program, the bug bounty model itself makes it possible to engage expenses only for concrete results. Each ethical hacker who finds an exploitable vulnerability receives a financial reward accordingly. The amount depends on the criticality of the vulnerability, and therefore on the danger it represents for the municipalities.

Supporting and educating software publishers

Throughout the bug bounty, Capgemini will support the editors of the tested softwares by:

  • a support role in triaging reports sent by hackers;
  • a role of advice in the remediation of the vulnerabilities uncovered;
  • a coaching role for the field teams in their adoption of bug bounty, and in their relationship with the ethical hacker community.

In addition to its direct impact, this bug bounty will also raise awareness among all the software publishers who partner with French cities. They are behind more than a hundred solutions for municipalities, which process the data of all citizens on a daily basis. Since the risk is real, so is the responsibility.

Cybersecurity is not just about protecting systems and software, it’s about protecting citizens. A city has a responsibility to ensure digital security as it ensures personal safety. This is something that can be difficult to understand, but it is essential. Cybersecurity is something that must be an integral part of a city’s politics.

– Christophe Vergeron, Chief Information Officer at Boulogne-Billancourt City Hall

In a nutshell, this mutualized bug bounty allows to:

  • strengthen the digital security of all cities in the country with a single security program
  • and a single expense for all municipalities, financed up to 70% by the France Relance plan.