Case Study: BlaBlaCar improves vulnerability discovery and coordinated disclosure with YesWeHack

A YesWeHack Case Study

Preview of the BlaBlaCar Case Study

BlaBlaCar - Customer Case Study

BlaBlaCar, the ridesharing company, needed a better way to manage an increasing volume of informal vulnerability reports from social media and customer support, while also complementing its traditional security audits. To channel these reports into a structured and legal process, it chose YesWeHack’s bug bounty platform, mainly for regulatory, data sovereignty, and hunter community reasons.

With YesWeHack, BlaBlaCar launched a private program in late 2017 and moved to a public program seven months later, using the platform to qualify reports, route issues to the right development teams, and validate fixes with hunters. The company saw high-quality critical findings early on, then a manageable increase in reports after going public, while also improving internal security awareness and enabling continuous testing across frequently updated applications.



BlaBlaCar

Alain Tiemblo

Security Leader

