LIVE Bug Bounty

In partnership with

With collaborative security in the spotlight this year, it was a must to renew the organisation of a Live Bug Bounty during the FIC!
Thus, once again this year, YesWeHack and its partners will provide researchers attending the event with dozens of exclusive scopes! For two days, they will be able to track down security breaches and perhaps reap several thousand euros in rewards for their vulnerability submissions. The program managers will be present at the YesWeHack booth to qualify and validate the bugs submitted by the researchers. as well as to interact with them.
The companies participating in the event as well as the scopes will be revealed on 8 September in the morning on the YesWeHack stand, and the hunt will last for two days.
The YesWeHack Live Bug Bounty is organised independently of the European Cyber Cup. Researchers wishing to participate are not required to form a team and can participate individually in the Live Bug Bounty.  EC2 teams can also participate, as the Bug Bounty will allow them to earn bonus points in the overall ranking (in addition to the bounty).

How to participate?

  • You must be registered for the FIC 2021. To do so, please complete your registration by clicking here
  • To join the Live Bug Bounty FIC 2021, you must have an account on the YesWeHack Bug Bounty platform
  • Via their registration, Live Bug Bounty Hunters at FIC 2021 will be subject to the terms of use of the YesWeHack Bug Bounty platform
• No public disclosure of Bug is allowed;
• We reserve the right to cancel programs at any time and the decision to pay a reward is at the sole discretion of the program managers;
• You must not break any laws and must stay within the rules set out for each program;
• You must not disrupt the service or corrupt personal data;
• Failure to comply with the rules will result in the invalidity of the submission or even exclusion from the Bug Bounty program.
• No employee (current or former) of the programs concerned may participate in the program;
• No employees (past or present) of subsidiaries or subcontractors of the programs concerned may participate in the program;
• Respect the rules of each program described on;
• Be the first person to report a vulnerability;
• Only an exploitation originating from one of the IP addresses allocated to the FIC 2021 will be considered valid.
Please respect the following rules:
• Exclusive use of the Bug Bounty platform;
• Provide sufficient information to analyse the attack path in order to easily replay the attack. It will simplify the validation of submissions and will have an impact on the reward amount;
• The validity of each submission and the amount of the reward will be decided by the program managers on site.

An event
organized by


With the support of

Last editions