OVH launches Bug Bounty and Reinforces Security

Montreal, July 6, 2016

OVH launches Bug Bounty and Reinforces Security

The program for reporting bugs on OVH infrastructures is accessible to all at bountyfactory.io. The objective: to continually improve the security of the services offered by the European cloud leader.

OVH Bug Bounty allows anyone interested in computer security to report potential vulnerabilities found on its infrastructures. Already tested internally, this program is now publicly accessible on the bountyfactory.io platform. All reported vulnerabilities are examined by the OVH security teams who can take necessary action if needed. Each report linked to a proven vulnerability will be rewarded monetarily in most cases - up to 10,000 euros. Cases outside of the scope of the program will be compensated in the form of ‘goodies’ or vouchers.

A platform hosted in France
Created seventeen years ago, the OVH group has always made security a priority, and bug reporting was already possible via security[at]ovh.net. For Vincent Malguy, SOC (Security Operation Center) team member, “The public launch of Bug Bounty is the culmination of many years of thought. The emergence of the bountyfactory.io platform makes it possible to bring to fruition the project that Octave Klaba wanted.”

The Bug Bounty platforms in existence up to now have all been American. For a company like OVH, which is committed to data sovereignty, it was unimaginable to store the list of vulnerabilities outside of its datacenters in France. The platform which enables OVH to carry out this program is hosted internally on its Dedicated Cloud offer, an infrastructure which has already been ISO 27001 certified for several years.

A consolidated approach to security
Opening the program to the public complements the many internal security measures put in place by the European cloud leader to assure the security of its infrastructures and customers data. Beyond its global certification strategy (ISO 27001 and ISO 27017, PCI-DSS, SOC 1 type II et SOC 2 type II for Dedicated Cloud), numerous intrusion tests are conducted internally and externally each year, assuring that the most critical systems meet the highest standards.

To cover the entire OVH spectrum and minimize the existence of security vulnerabilities, it was decided to standardize the public reporting procedure: “With Bug Bounty, we can constantly test all of our infrastructures with different profiles and various skills. We could never cover such a spectrum over long periods with classical audits,” states Vincent Malguy.

For the moment, Bug Bounty only concerns vulnerabilities dealing with the OVH customer control panel and the API. Very soon it will extend to cover other OVH products.

Learn more: Bug Bounty: Help us improve our security!

About OVH

Specializing in cloud and internet infrastructure, OVH offers innovative products and services evolving around three universes: Web, Dedicated and Cloud. Since being founded in 1999, the company has become an established partner for hundreds of thousands of professionals worldwide. OVH owes its success not only to a development model built on innovation but also to keeping full control over the supply chain, from server manufacturing and in-house maintenance of their infrastructure, right down to customer assistance. OVH is able to ensure stable and reliable product and service offerings to all clients across all its brands while also providing the best price quality ratio.

OVH
Guillaume Gilbert
guillaume.gilbert@corp.ovh.com