Hire a team of hackers to hunt out any weak points in our software—sounds crazy, right? Well, not if they’re wearing white hats! These modern-day bounty hunters get paid a bonus for every bug they find. White-hat hackers are one of the most effective ways to make an IT system more secure, which also happens to be a top goal for Open Digital Education, the developer behind ONE and NEO.
With help from a program funded by the City of Paris, Open Digital Education is working with YesWeHack, a leading bug-bounty platform in France. YesWeHack works with a community of cybersecurity experts and specialists trained in software and website penetration testing. As part of the program, they hunt down vulnerabilities and receive a bonus as soon as they find one. The amount varies depending on how serious the bug is. White-hat hacking is one of the best tools we have to make our platforms more secure. Many large corporations and government websites have already used it, including Doctolib and FranceConnect. Every bug the hackers flag is evaluated by YesWeHack and confirmed by the technical teams at Open Digital Education, who then get to work fixing the problem.
A program partnered with the City of Paris
For the past five years, the City of Paris has been using our virtual learning space in its primary and middle schools. It funds the bug bounty program, which is coordinated through its dedicated platform, Paris Classe Numérique. YesWeHack was given access to the admin-level accounts as well as around 30 student and ADML accounts. The project started in December 2022 and will continue for several months. The improvements we’ve been able to make, thanks to the support of the City of Paris, will then be rolled out to all of our platforms and services. This same type of approach—one based on cooperation and mutual assistance—lies at the heart of how we operate.
Your Safety, Our Priority
At Open Digital Education, we do everything in our power to ensure our users are protected by a high level of security. Since 2014, our platforms have been the subject of nine audits. We also take special care to secure our most sensitive accounts, which is why we are now instituting a double authentication system to access the administration console.