Bug Bounty

Bug Bounty · UYBHYS 2026

The westernmost bug bounty in France.

One day. Cybersecurity students. Real flaws to find. In partnership with YesWeHack and BZHunt.

DATE NOV 6, 2026 Le Quartz · Brest · 9:30 AM → 6:30 PM
→ Register a school Submit a scope ↓

2024 edition in numbers

105 Students
6 Schools
9h Non-stop
3rd Edition

The Unlock Your Brain Bug Bounty

Unlock Your Brain hosts a Bug Bounty exclusively for cybersecurity students in Brest. Originally championed by YesWeHack and BZHunt, this initiative promotes cybersecurity questions, challenges and careers to students — while offering vendors a new approach to security auditing.

For this 3rd edition, for over 9 hours, students are challenged to discover security flaws on professional websites and connected objects provided by our partners.

Practical information

Date

Friday, November 6, 2026

Venue

Le Quartz National Stage, Brest

Hours

From 9:30 AM to 6:30 PM

Scopes

Patience! Revealed on the day

Participating schools

Want to take part?

You are a company

Our partner companies provide scopes (web apps or connected objects) which are tested by students. Each vulnerability reported on the YesWeHack platform is triaged by BZHunt and earns points for the team that found it.

The whole programme runs within a strict and ethical framework, where students follow precise rules for each product tested.

Any company (SME) building digital tech can submit a scope — web app, connected device, or business system.

A modest financial contribution is requested to cover organization costs (venue, food, prizes for winners).

→ Submit a scope

You are a school

All cybersecurity schools may submit a team. No specific level required — the Bug Bounty is also a chance to discover the practice on real-world scopes.

Free team composition, but 6 people max on-site per school (excluding the supervisor). Remote: web scopes only. Connected objects can only be tested on-site.

Registration via a list (pseudonym + email) to bugbounty@unlockyourbrain.bzh@school emails only, profiles verified.

Confirmation deadline: October 10, 2026.

→ Register a team

How it works

  1. The scope is offered

    A partner company provides a web application or connected object to challenge.

  2. Students hunt

    9 hours non-stop to identify vulnerabilities. Teams mobilize their knowledge and organize.

  3. BZHunt qualifies

    Vulnerabilities reported on YesWeHack are triaged and validated by BZHunt, supported by experts and the partners’ teams.

  4. Points & prizes

    Each qualified flaw earns points (importance + report quality). The most skillful teams take home prizes.

How a bug bounty works

They took part: testimonial

Photo de Pascal BARATOUX
CISO — JAMESPOT

As CISO of Jamespot, I had the opportunity to take part in November 2024 in the Bug Bounty organized by the Cantine Numérique de Brest, BZHunt and YesWeHack, in partnership with cybersecurity students. This event, in which we participated for the second consecutive year, made it possible to test the resilience of our SaaS platform under real-world conditions.

For one day, motivated and creative students sought to identify vulnerabilities, sometimes difficult to detect internally. Some were discovered, analyzed with them, then quickly fixed by our teams, which strengthened our security level and improved our processes.

This approach feels essential to us, as it perfectly complements traditional intrusion tests like Pentests. The Bug Bounty introduces a more realistic, collaborative and agile approach, reproducing the way an attacker might operate.

We know that many companies hesitate to take the plunge, feeling that their platform is not yet “mature enough” or that this kind of operation would be too costly. Our experience proves the opposite: a well-organized student Bug Bounty is both affordable and extremely beneficial, both for companies and for training future cybersecurity experts.

By participating in this kind of initiative, Jamespot contributes to democratizing access to Bug Bounty and showing that it is possible, today, to strengthen the security of one’s information system while supporting the next generation of talent in the field.

resilience cybersecurity hunting

What is a Bug Bounty?

A Bug Bounty programme mobilizes a community of ethical cybersecurity researchers to detect flaws in a company’s or product’s information systems through a proactive approach.

Their mission is to identify vulnerabilities and report them to the company so that systems can be improved through a continuous iteration process — a virtuous cybersecurity cycle that allows vendors to deliver increasingly secure systems to their customers.