• Using our Bug Bounties, all our customer found security flaws in less than 24h, even those who just carried out a security audit.

Three reasons to join Yogosha

You only pay for discovered bugs

Our security researchers are carefully selected

We use market standard to set the price of each vulnerability

  • "Bug Bounty has allowed the whole company to understand through examples that they can reproduce what cybersecurity is and what is really at stake here"

    Tim Saumet - CTO Tilkee.com
  • "It reassures our clients when we tell them we work with ethical hackers, and that we know each one of them individually. In pre-sales, it's a major argument"

    Yann Perchec - CTO PeopleDoc.com

Yogosha in the news

The four steps of your Bug Bounty

Define your target

Define your budget

Estimate the price of your bugs

Validate and reward bug reports submitted by our researchers

  • Which price range for my vulnerabilities?

    Yogosha guides its customers in defining the most suitable price range for their Bug Bounty. Our exclusive calculation matrix takes into account your cybersecurity history as well as your risk specific approach, the criticism of the audited solution, its perimeter and its environment, as well as other factors contributing to the fair price for each vulnerability discovered on your IT.

  • How to set a vulnerability price?

    Yogosha was the first platform in the world to develop a CVSS widget to calculate the severity of a vulnerability on the researcher side and on the customer side. This approach makes it possible to start from a rational and objective base to determine the price of a vulnerability from the price range previously established by the customer.

Discover the platform

  • A tailored bug bounty

    Yogosha guide its customers to perfectly define a Bug Bounty mission in accordance with their expectations and objectives previously defined.

    Rules, targets and rewards are clearly displayed in the form of a real contract that binds the researchers and the company that uses them through the Yogosha platform.

  • A clear and intelligible bug report

    Written by security researchers who want to share their knowledge, Yogosha vulnerability reports are clear and intelligible. They are directly usable to correct an identified vulnerability and enhance cybersecurity.

  • Practical training in cybersecurity

    Each of Yogosha vulnerability report include a proof of concept, which shows step by step how the vulnerability identified by the researcher can be exploited and allows developers to learn through a concrete example.

  • Market standards to ease conversations

    Market standard CVSS allows a vulnerability’s criticality to be evaluated in a rational way. Each researcher uses our CVSS widget to score every vulnerability he uncovers when reporting it on the platform. The customer can double check and do his own CVSS evaluation using the same widget, and take into account contextual informations to refine it, and ease price negociation, since criticality is linked to the price of each bug.

  • A quick overview of vulnerabilities to be fixed

    The vulnerabilities reporting interface allows you to sort and rank reports according to a variety of criteria such as severity, potential cost, or typology of the identified vulnerability. This makes it easier to determine priorities and how to distribute work within an IT team.

  • Monitoring the KPIs of your Bug Bounties made easy

    The Yogosha dashboard allows you to follow the main KPIs of a Bug Bounty, including the evolution of the number of vulnerability discovered, the follow-up of the sums paid to the researchers, the distribution of the criticalities of the vulnerabilities as well as their typology. These elements are designed to be easily exportable in order to integrate into internal reports or to be sent to the clients of the company.

  • A platform that adapts to your organization

    Regardless of the size of your IT team and Infosec team, Yogosha is designed to adapt to all configurations and businesses, allowing each member of your team to find their place in the use of a Bug Bounty.

  • A Bounty Bug that sticks with reality on the ground

    There are three differents roles in teams that operate a Bug Bounty within an organization. The Bug Bounty Manager is the administrator and has access to all the possible settings, the Security Analyst manages the vulnerability reports, the vulnerability assessment as well as that of the researchers, the Dev can consult the fault reports and exchange with Researchers for clarification.

  • Known and renowned Security Researchers

    The security researchers working on the Yogosha platform are fully identified in terms of marital status and skills. They are from all over the world and have been selected for their skills, diversity, creativity, customer relations and willingness to share their knowledge.

Senior security researchers from the Yogosha community, recruited through a rigorous process and a drastic selection, are professional, creative and clear in their reports.


Let’s make an appointment

A senior and multidisciplinary team

  • Yassir Kazar
    Fabrice Epelboin
    Kevin Liagre
    Véronique Loquet
    PR Advisor
    Jérémie Heduy
    Eléonore Barrault

They support us