Digital Innovation Digital Publishing
2 mins read

Safeguarding publishers with innovative bug bounty program: Echobox partners with YesWeHack

Getting your Trinity Audio player ready...

Echobox, the leading publishing automation solution, has made its bug bounty program public for the first time with YesWeHack, the global bug bounty and Vulnerability Disclosure Policy (VDP) platform. 

By partnering with YesWeHack to run its bounty programs, Echobox gains access to a global community of 45,000 skilled ethical hackers who will scrutinize and test the Echobox platform in an attempt to identify security vulnerabilities. These ethical hackers, or “hunters,” can earn bounties of up to €6,000 for the most serious vulnerabilities identified. Echobox will proactively resolve any vulnerabilities found, ensuring its platform remains highly secure and preventing any flaws that, left ignored, may have resulted in future security breaches.

Echobox’s participation in bug bounty programs makes it unique amongst social media automation platforms. The only publishing automation solution to run a public bug bounty program of this nature, Echobox provides its publisher clients with a heightened level of cybersecurity – a critical requirement for many of the world’s largest, most trusted publishers and media groups who post news to millions on social media. Reinforcing the security of the Echobox platform gives publishers peace of mind that malicious actors cannot interfere with their communications on social media.

The public bug bounty program, as well as previous private programs, underscores Echobox’s fundamental commitment to security for its clients, complementing initiatives including comprehensive cybersecurity training for all employees and stringent internal anti-phishing measures, amongst others. 

“For news publishers in particular, a potentially compromised social media account carries extremely high risk,” said Marc Fletcher, CTO of Echobox. “Protecting real news is an absolute priority for Echobox, and taking our private bug bounty program public is one of many investments we’ve made to ensure the robust security of our platform. Bug bounty programs in particular are highly effective at preventing breaches and ensuring a platform is impenetrable across all aspects of cybersecurity.”

“Bug bounties are a vital part of every organisation’s security toolbox,” added Sam Lowe, Account Executive at YesWeHack. “By moving towards a public program, Echobox continues to show its commitment to safeguarding the proprietary data of publishers it works with, and provides them with reassurance of the best in class security at a time when the digital landscape is rife with vulnerabilities and threats.” 

Details of Echobox’s bug bounty program are available at