⬆️[PTM] Revamped Audit Reports
Key changes
Several changes have been made to the Pentest audit reports.
“Final reports” have been renamed “Audit Reports”.
Audit Reports can now be generated anytime during, or after, a pentest campaign.
Users can now set the visibility of audit reports to other pentesters.
A specific date range can be set when launching the Audit Report to indicate which period to take into account. The date considered is the date on which the report was created.
⚠️ Audit report generation for a specific date range is only available for Pentest programs that have not enabled the “Certification” option.
The audit report page has been improved to include:
State (as before)
Certification: None or Enabled
Start and End dates
Pentest lead: with the action to designate it
Status actions
Impact
Flexibility – Audit reports can be generated any time during a campaign, allowing you to “update an audit report” by regenerating it to see the status of the fixes.
Customisation – Audit reports can be set to take into account reports on specific dates only.
Audience
Pentest users who want to generate an audit report for specific dates
Program managers and Pentest Leads who want to hide certain audit reports from, or show them to, other pentesters
Usage
The Pentest program page now includes the name of the pentest lead and an action button to designate it.
The Audit Report page of the program has been revamped. In addition to newly displayed information, program managers can:
Start/Pause/Stop the pentest campaign
Designate a Pentest lead
Generate an Audit report
Customise the audit report
Upload a custom report
The generation page for audit reports now features “Start” and “End” date filters for pentest programs where certification is not enabled.
Program managers and Pentest Leads are able to hide or display the Audit reports of the current and previous campaigns.
Pentest Leads can hide or display their own current campaign's Audit reports, not the ones from previous campaigns.
Pentest Leads can't change the visibility of Audit reports generated by a program manager.
[CORE] Platform Code of Conduct
Key changes
A new platform code of conduct now applies to anyone using our platform and services and is embedded in our company principles.
Click here to read the platform code of conduct.
Impact
This new Code of Conduct outlines the rules and potential sanctions in cases of unethical or unprofessional behavior on the platform, in order to offer a collaborative, trusted, and secure environment for finding and fixing security vulnerabilities.
Audiences
All users who participate in a program.
Usage
Each security researcher has 7 ethical points.
Every confirmed violation of the Platform Code of Conduct decrements this ethical points counter.
Security Researchers who maintain the full ethical score of 7 points are considered to be in stellar standing and fully trusted by YesWeHack. This trusted status may be considered when extending invitations to exclusive private programs.
Each warning and each point deduction is applicable for a separate period of 12 months, except in the case of Suspension or Ban. Points will be automatically re-credited at the end of each period.
[MISC]
“Bug Bounty Certificates” are now “Program Certificates”, a more generic feature that fits all YesWeHack programs (e.g., Pentest, Bug Bounty programs).