French drone manufacturer Parrot has announced its new bug bounty program in partnership with the European crowdsourced security platform YesWeHack. The company will have access to the platform’s community of cybersecurity researchers to find any vulnerabilities in its drones, mobile applications, and web services.
The bug bounty program will take place in two phases. The first is a private program only open to a select few of YesWeHack’s security researchers and will focus on current and future drone models. Once the researchers have found any vulnerabilities, the program will enter phase two.
Phase two is a public program, giving anyone in the YesWeHack community the chance to test Parrot’s security. This phase will only occur once the products have been commercialized, ensuring no data is leaked ahead of time.
While phase one consists of the best cybersecurity researchers, phase two could have more than 22,000 cybersecurity researchers attacking Parrot’s products and software. If nothing is found in phase one, something will likely be found in phase two and patched.
Victor Vuillard, chief security officer and CTO cybersecurity of the Parrot Group, shared:
After the integration of cybersecurity from the initial design phase of Parrot drones, the Bug Bounty launched with YesWeHack completes the audits and brings an additional step of control. In the event of a flaw, YesWeHack’s community of cybersecurity researchers will detect it and allow Parrot to correct it before real attackers can misuse it.
Having a bug bounty program, especially one open to more than 22,000 people who know what they are doing, is a big deal for the security of a company’s products. Parrot has always had a strong focus on security, with external audits and now this program.
Guillaume Vassault-Houlière, CEO of YesWeHack, added:
We are delighted to support Parrot in its commitment to its drones and user data security. The richness and diversity of the YesWeHack community offer the spectrum of skills required to cover the full range of perimeters, whether hardware or applications. The public Bug Bounty phase, which will take place in a second phase, will allow Parrot’s products to be confronted with the expertise of several thousand researchers, thus reinforcing its transparency in cybersecurity.
As you might know, Parrot isn’t the first to announce such a program. In August 2017, DJI opened its own bug bounty program, DJI Security Response Center, allowing its community of developers to find vulnerabilities in its products. In 2020 alone, 12 researchers were able to find and report 13 vulnerabilities that have been patched in software updates. DJI’s Adam Lisberg made sure to comment on the news shared by the Drone Analyst on Twitter, saying the following: