French digital ID’s cybersecurity put to the test with bug bounty program
A global cybersecurity community has announced it will launch a bug bounty program for France’s digital ID as an audit of its security and level of trust.
The YesWeHack community is set to scrutinize the France Identité mobile application, a digital ID that was launched as in a beta phase in May 2022. Though France Identité does not biometrically verify its users due to concerns raised by the French public, it can scan national ID cards, which contain a chip that stores biometric data in the form of a photograph and two fingerprints of the card holder.
YesWeHack is a French cybersecurity company that organizes crowdfunded audits through bug bounty programs. It sets a price on discovering security flaws in an app, website, or program, and pays out financial compensation to ethical hackers who disclose the vulnerabilities.
The bug bounty program will start from June 2022 in a private phase with about 30 hackers selected by YesWeHack and France Identité, according to a blog post by YesWeHack. From there, the private phase will add new researchers to the program. Finally, the digital ID app will move to a public bug bounty phase, where the whole YesWeHack community is open to probing its vulnerabilities.
The bug bounty program is said to run indefinitely, and France Identité will gradually open up its code to the public to identify vulnerabilities.
The most prominent bug bounty program in digital ID may be FaceTec’s liveness detection spoof bounty program.