Bug Bounty
“This approach seems essential to us, as it perfectly complements traditional penetration testing. Bug Bounty introduces a more realistic, collaborative and agile approach, which replicates the way an attacker might go about it."
Pascal BARATOUX - CISO at JAMESPOT
💡 Read Pascal BARATOUX’s feedback — CISO at JAMESPOT
The Unlock Your Brain event organises a Bug Bounty dedicated exclusively to cybersecurity students in Brest. This event is made possible thanks to partnerships with the YesWeHack platform and the triagers from BZHunt.
The Unlock Your Brain Bug Bounty
For the second edition, Unlock Your Brain hosts a Bug Bounty dedicated to students. Originally an initiative by YesWeHack and BZHunt, this event is very much in the spirit of UYBHYS.
The objective is to promote cybersecurity issues, challenges, and careers among students, as well as introduce a new approach to security auditing/penetration testing for software developers. The Bug Bounty competition offers students — enrolled in digital programmes at higher education institutions — the opportunity to tackle real-world vulnerability research cases in a dynamic and friendly atmosphere.
Once again this year, for over 9 hours, students will be challenged to discover security vulnerabilities on professional websites and connected devices provided by our partners.
Participating schools
Practical information
Date: Friday 7 November 2025
Venue: Scène nationale du Quartz, Brest
Hours: 9:30 am to 6:30 pm
Scope: Stay tuned! Details will be revealed on the day.
👉 Are you a company and would like to submit an application?
👉 Are you a school and would like to register a team?
The Bug Bounty from a professional perspective
Submit an application
Our Bug Bounty partner companies provide scopes that will be tested for vulnerabilities by cybersecurity students (105 last year). Each student who believes they have found a vulnerability reports it on a dedicated platform (YesWeHack) and a team of triagers (BZHunt) verifies whether the vulnerability is genuine. Based on the results, points are awarded and the team with the most points wins the event.
We will strive to offer students several types of scopes. Last year, we had web scopes and connected devices.
All Bug Bounty programmes are conducted within a strict framework, where students are required to follow precise ethical rules for each tested product.
A modest financial contribution is requested to cover the event’s organisational costs (venue rental, catering, etc.) as well as prizes for the winners.
Register a student team
All cybersecurity schools are welcome to submit a team. No specific level is required. Participating in the Bug Bounty is also an opportunity to discover this type of programme in practice, on real scopes.
As rewards, the most skilled teams and students will receive prizes based on the points they accumulate. These points are based on the severity of the identified vulnerability and the quality of the research work (method used, clarity of the report, recommendations, etc.).
Each higher education institution is free to form teams of any size. However, on-site places will be limited to 6 people per school (excluding tutors). PLEASE NOTE: remote participants will only be able to work on web scopes. Connected devices can only be tested on site.
To register a team, please send a list including the username and email address of each student to be invited to the Bug Bounty programmes to bugbounty@unlockyourbrain.bzh.
PLEASE NOTE: registration is only possible with email addresses from a school domain and profiles will be verified.
Schools must confirm their participation before 10/10/2025.
What is a Bug Bounty?
A Bug Bounty programme involves mobilising a community of ethical cybersecurity researchers to detect vulnerabilities in an organisation’s or product’s information systems through a proactive approach.
These researchers are tasked with identifying vulnerabilities and reporting them to the organisation to enhance system robustness through a continuous improvement process.
The goal is to create a virtuous circle of cybersecurity, while enabling developers to provide their clients with increasingly secure systems.
How does a Bug Bounty work?
Several partners have agreed to challenge students to find cybersecurity vulnerabilities on websites and connected devices. Students must use their knowledge and organise their teams to detect these vulnerabilities. If vulnerabilities are discovered, students report their findings on the YesWeHack platform.
The BZHunt teams, supported by some experts and partner teams, then qualify the identified vulnerabilities. If accepted, they are addressed by the developers. Students accumulate points for each qualified vulnerability.
Bug Bounty 2024 — feedback from Jamespot’s CISO
As CISO at Jamespot, I had the opportunity to take part in November 2024 in the Bug Bounty organised by La Cantine Numérique de Brest, BZHunt and YesWeHack, in partnership with cybersecurity students. This event, which we attended for the second consecutive year, allowed us to test the resilience of our SaaS platform under real-world conditions.
Over the course of a day, motivated and creative students worked to identify vulnerabilities — some of which are difficult to detect internally. Several were found, analysed together, and quickly corrected by our teams, which strengthened our security level and improved our processes.
This approach seems essential to us, as it perfectly complements traditional penetration testing such as Pentests. Bug Bounty introduces a more realistic, collaborative and agile approach, which replicates the way an attacker might go about it.
We know that many companies hesitate to get started, feeling that their platform is not yet "mature enough" or that this type of operation would be too costly. Our experience proves otherwise: a well-organised student Bug Bounty is both affordable and extremely beneficial, both for companies and for training the next generation of cybersecurity experts.
By participating in this type of initiative, Jamespot is helping to democratise access to Bug Bounty and to show that it is possible, right now, to strengthen the security of your information system while promoting young talent in the sector.