Bug Bounty programme
Contribute to improving our ethical solutions to ensure the highest level of security for our customers by joining our community of researchers.Join the programme
Committed to cybersecurity and digital confidence
There's no such thing as absolute security. That's why it's our priority and is at the heart of everything we do, everything we create.
Our solutions focus on the essential needs of our users to limit human security errors.
Our technologies are developed in Switzerland by our own teams and / or are based on world-renowned open source projects.
Whistle-blowers are protected, and our employees can report any irregularity anonymously at any time.
To complement this approach, we work with the collective intelligence of the community of researchers and ethical hackers to ensure the highest possible level of security for our customers.
Your goal: to challenge the security of our solutions
Anyone interacting with our products and services is encouraged to report the vulnerabilities identified to our security team. Substantial bonuses can be awarded for proven reporting, and it's also a great way to get in touch with our technical teams to join Infomaniak and contribute to the development of an ethical cloud that respects privacy and the environment.
How does it work?
Our customers' security and trust are our top priorities. With our Bug Bounty programme, we reward ethical hackers and researchers who contribute to strengthening the cybersecurity of our ethical cloud solutions.
Report the vulnerability discovered
Describe the vulnerability identified as precisely as possible.
Contact our security team
An expert will analyse your report and contact you for further information.
Receive a follow-up and your reward
You'll be able to follow the case and you'll be paid according to the service you provide.
Our customers' trust is our priority. We encourage collaboration between our security team and the community to strengthen our cyber defence. Our Bug Bounty programme is part of our commitment to security, data protection and transparency.
Join the Bug Bounty programme
Join the YesWeHack platform to report vulnerabilities to us and receive payment for your contribution.Join the Bug Bounty programme
Do you have any questions or doubts?
We’ve compiled the questions we’re often asked – see below.
Why use the YesWeHack platform?YesWeHack's online bug bounty service enables us to process your reports more quickly, with triage managed by the service team, and we enjoy smoother communications for collaboration with security vulnerabilities researchers.
Rewards are then managed automatically according to the validity of the report and the level of severity of what has been found.
You will benefit from a high-performance tool for working with Infomaniak's internal teams.
How are safety reports assessed?We ask you to send us as many details as possible about the flaw you have identified, so that we can accurately assess the severity and impact of your discovery.
The YesWeHack team will then reproduce (PoC) the weakness identified for a second evaluation of your report.
Our teams will carry out a final assessment based on CVSS criteria, the impact on our core business and other internal criteria.
What rules and tests are authorised?Please observe the following rules when performing searches:
- Denial-of-service (DoS) attacks against our applications, servers, networks or infrastructure are strictly prohibited.
- Avoid tests that could damage or interrupt our services.
- Do not use automated scanners or tools that generate large volumes of network traffic.
- Do not disclose, manipulate or destroy user data or files in any of our applications/servers.
- Do not copy files from our applications/servers and do not disclose them.
- No disclosure of vulnerabilities, complete, partial or otherwise, is permitted.
How does the Bug Bounty system work?In our YesWeHack programme, a scale of rewards is indicated according to the evaluation of the severity and its impact. Once your report has been validated, a reward will be awarded and paid automatically via the YesWeHack system.