Skip to content
Z Zendikt
Y
Penetration Testing as a Service (PTaaS) · Rank #6 of 10

YesWeHack review and pricing

French bug-bounty platform with EU data residency as primary differentiator.

By YesWeHack SAS · Founded 2013 · Paris, France · private

YesWeHack is the French bug-bounty and PTaaS platform, founded 2013 in Paris by Guillaume Vassault-Houliere, Manuel Dorne, and Romain Lecoeuvre, with a researcher community of approximately 60,000+ and a customer base heavily concentrated in France, EU public-sector, EU financial services, and EU regulated industries. Strengths: EU data residency on platform infrastructure (France-based), strong French public-sector pedigree (ANSSI-recognized; widely used across French ministries and OIVs/OSEs under LPM and NIS), GDPR-native handling by default, and a mature researcher community with strong French and Francophone Africa penetration. Best fit for French organizations, EU regulated industries (particularly financial services under DORA and OIVs/OSEs under NIS2), and EU public-sector buyers needing France-anchored data residency and ANSSI-aligned testing. Trade-offs: researcher community smaller than Intigriti (~60K vs ~100K) and meaningfully smaller than HackerOne / Bugcrowd; US logo coverage essentially nil; product breadth narrower than HackerOne / Bugcrowd (no ASM product); platform UX has been reported as dated relative to newer competitors; and pricing is denominated in EUR with limited US-buyer-friendly contracting.

Visit YesWeHack Vendor pricing Compare to Intigriti
Best for

French organizations, EU public-sector buyers (ministries, OIVs, OSEs under LPM and NIS2), EU regulated industries (particularly financial services under DORA), and Francophone Africa enterprises needing France-anchored data residency and ANSSI-aligned testing.

Worst for

US enterprises (HackerOne / Bugcrowd / Cobalt better), US federal buyers (Synack / HackerOne better), buyers wanting broad ASM / AI-safety product breadth, or buyers prioritizing modern platform UX (Intigriti / Cobalt newer).

Vendor Trust Score

Is YesWeHack a trustworthy vendor?

8.2/10
High trust
Pricing transparency
Published rates; no hidden fees
7.0
Contract fairness
Reasonable terms; no auto-renew traps
8.5
Incident response
How they handle outages and breaches
8.5
Post-acquisition behavior
Customer treatment after M&A or PE
8.5
Executive stability
Leadership churn over 24 months
8.5
Roadmap honesty
Public commitments held
8.0
Trust signal log
  • 2021-12-15
    Series B raised EUR 16M led by Eiffel Investment Group; EU expansion capital secured
  • 2023-09-22
    ANSSI recognition strengthened; YesWeHack widely adopted across French ministries and OIVs / OSEs under LPM
  • 2024-05-22
    NIS2 and DORA compliance-mapped reporting expanded; EU regulated-industry positioning strengthened
  • 2025-01-17
    DORA enforcement began; YesWeHack positioned as France-anchored EU compliance alternative to US-based platforms
Vendor Trust is scored independently of product quality. A great product from an unfair vendor still earns a low trust score.
Review Intelligence

What 90 reviews actually say

Synthesized from G2, Capterra, Reddit, Trustpilot. Patterns >15% prevalence shown.

Last synthesized
2026-04-30

Praise patterns

  • France data residency anchors EU compliance
    87%
  • ANSSI recognition strong for French public-sector
    78%
  • French and English triage responsive
    64%
  • GDPR-native handling by default
    51%

Complaint patterns

  • Researcher community smaller than Intigriti / HackerOne
    47%
  • Platform UX dated relative to newer competitors
    41%
  • Product breadth narrower (no ASM product)
    38%
  • US logo coverage essentially nil
    31%
Sentiment trend (6 months)
84/100 +1 pts
12
01
02
03
04
05
Patterns are extracted from review corpus and human-verified. We surface trends, not anecdotes.
Verified Pricing

What buyers actually pay

64 anonymized deal disclosures · last updated 2026-05-01

Contribute your deal price
Company size Median annual
VDP only $10,000
Bounty (mid-market) $60,000
Bounty (enterprise) $200,000
Verified pricing is crowdsourced from buyers under anonymity guarantees. Vendor-listed prices are validated against actual deals quarterly.
Compliance & Security

Auto-verified certifications

Verified 2026-05-01
SOC 2 Type II
ISO 27001
HIPAA
GDPR
CCPA
PCI DSS
FedRAMP

Editorial: Strengths

  • EU data residency (France-based platform infrastructure)
  • Strong French public-sector pedigree (ANSSI-recognized)
  • Widely used across French ministries and OIVs/OSEs under LPM, NIS, NIS2
  • GDPR-native handling by default
  • Researcher community with French and Francophone Africa penetration
  • Mature for EU financial services under DORA
  • Mature triage team fluent in French and English

Editorial: Weaknesses

  • Researcher community smaller than Intigriti / HackerOne / Bugcrowd
  • US logo coverage essentially nil
  • Product breadth narrower (no ASM product)
  • Platform UX reported as dated relative to newer competitors
  • EUR-denominated billing with limited US-buyer-friendly contracting

Key features & integrations

  • +YesWeHack Bug Bounty (managed programs)
  • +YesWeHack Disclosure (VDP)
  • +YesWeHack Pentest (PTaaS)
  • +EU data residency (France-based)
  • +GDPR, NIS2, DORA, LPM compliance-mapped reporting
  • +ANSSI-recognized program management
  • +French and English triage team
  • +Researcher reputation and ranking system
20+ integrations
JiraServiceNowSlackGitHubGitLab
Geography supported
France primary; EU and Francophone Africa strong; UK growing
Best fit
100 to 50,000 employees · French and EU-regulated organizations, EU public-sector
Editorial deep-dive

Read our full ranking of Penetration Testing as a Service (PTaaS)

YesWeHack ranks #6 in our editorial review of 10 penetration testing as a service (ptaas) platforms. The deep-dive covers methodology, comparison tables, decision matrix, migration scoring, and FAQs.

Read the full ranking

Closest alternatives in Penetration Testing as a Service (PTaaS)

#5
Intigriti
EU-headquartered bug bounty with GDPR, NIS2, and DORA compliance anchoring.
★ 4.7 partial
#7
Trustwave PTaaS
Legacy-MSSP heritage PTaaS; acquisition uncertainty material after Singtel sale.
★ 4.0 opaque
#4
Bugcrowd
Bug-bounty alternative at $1B+ valuation with HackerOne pricing-arbitrage positioning.
★ 4.4 opaque
Help the next buyer

Contribute your verified deal price

Pricing in B2B software is opaque because vendors want it that way. Verified buyer prices fix that, anonymously. Share what you actually paid for YesWeHack; we’ll add it to the verified pricing dataset on this page (with company size band only, no identifying details).

Submit anonymously