FireBounty Cybermalveillance.gouv.fr - sensibilization, prevention and support in terms of cybersecurity Vulnerability Disclosure Program

Link to program

2020-04-28

2020-04-29

Thank

Gift

HOF

Reward

Cybermalveillance.gouv.fr - sensibilization, prevention and support in terms of cybersecurity

ABOUT CYBERMALVEILLANCE.GOUV.FR

Cybermalveillance.gouv.fr is an initiative of the French Government, launched in 2017, to respond to the uprising number of cyber-malicious-acts in France.
Cybermalveillance.gouv.fr is offering sensibilization, prevention and support in terms of cybersecurity to French citizens.
In 2017, the Public Interest Group against cybermalveillance.gouv.fr (GIP ACYMA) was created to carry these missions.
GIP ACYMA is addressing the following type of requesters :

Private individuals
Firms
Local authorities

The website Cybermalveillance.gouv.fr is meant to be the unique and major entry point for all victims of cyber-malicious-acts. It offers advisory, prenvention & sensibilization resources, and to put victims in contact with local service providers

OBJECTIVES

It is crucial for us to ensure a high level of security on our cybermalveillance.gouv.fr platform. The typical scenarios we are concerned about :

Victims’ data exfiltration
Modification or alteration of the tools and advices offered to the victims for awarness and assistance purposes.
Redirection of contact requests from victims towards malicious and/or unethical organisations.

ELIGIBLE VULNERABILITIES

When doing your risk assessment(s), keep in mind that the Service Providers are considered ethical and engaged in the project. Furthermore, Service Provider’s accounts are subject to our verification and validation.

RESPONSIBLE DISCLOSURE & CONFIDENTIALITY

GIP ACYMA believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our products or services, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
We kindly ask you to not use collaborative tools for your research notes in order to avoid any unwanted disclosure or leak potentially exploitable by a third party.

All testings must be conducted on https://pprd.cybermalveillance.gouv.fr, please avoid interfering with production environment

New 2024-04-02

In Scope

Scope Type	Scope Name
web_application	https://pprd.cybermalveillance.gouv.fr

Out of Scope

Scope Type	Scope Name
undefined	Anything that is not explicitely listed in scope section
web_application	https://www.cybermalveillance.gouv.fr

Firebounty have crawled on 2020-04-28 the program Cybermalveillance.gouv.fr - sensibilization, prevention and support in terms of cybersecurity on the platform Yeswehack.