Up to a hundred hackers searched for a critical vulnerability in the Swiss meeting management solution Sherpany – but a vulnerability above the defined critical threshold could not be found. The test was part of a bet between Sherpany and Bug Bounty Switzerland. We are happy when our customers win the bet, especially when, like Sherpany, they already have a high level of security and are committed to the security of their customer data. So Bug Bounty Switzerland also comes out as the winner of the bet: to guarantee the security of its solution in the future, Sherpany will continue the Bug Bounty Program and, as part of an ongoing program, have their platform regularly checked for security vulnerabilities by our ethical hackers.
Zurich-based meeting management software manufacturer Sherpany has had its eponymous software tested for security vulnerabilities by our ethical hackers. During a test run from June 8 to June 29, 2021, the deployed hackers were unable to find any relevant gaps despite a prize of up to 15,000 Swiss francs per critical vulnerability found. In order to continue to guarantee the security of the platform, the bug bounty program will be transferred from Bug Bounty Switzerland to ongoing operations.
Sherpany is a solution for the preparation, execution and follow-up of business meetings. The software helps executives structure meetings to increase meeting productivity and thus boost business success. Because Sherpany is deployed as a software-as-a-service solution in business-relevant areas, a high level of security against cyberattacks is essential. As part of our bug bounty programs, «ethical hackers» – hackers working completely legally – are called upon to find vulnerabilities in our customers’ production systems. For each vulnerability found and confirmed, the successful ethical hacker from our community receives a reward.
From a bet to a continuous program
The cooperation between Sherpany and Bug Bounty Switzerland began with a bet between the two companies: Would a bug bounty program be able to detect critical security vulnerabilities in the software? One hundred ethical hackers were unable to compromise the security of the Sherpany platform in three weeks. This underlines the high security standard of the solution and confirms that customer data is well protected.
For Mathias Brenner, CTO of Sherpany, the investment in the bug bounty program has paid off: «Sherpany was able to provide public proof that our customers’ data is as secure as possible. Our previous efforts and investments in security have paid off.»
Despite the positive outcome of the bet, Sherpany does not intend to sit back. On the contrary: The bug bounty test operation of BBS will be continued as an ongoing program, as the cooperation with the ethical hackers definitely yielded indications of possible optimizations that can be used to further improve the security of all systems. This underlines how seriously Sherpany takes the protection of customer data. «Security is a continuous process», explains Mathias Brenner. «With the ongoing use of a bug bounty program, we prove that we have internalized this process.»
Florian Badertscher, CTO of Bug Bounty Switzerland, is not at all upset about the lost bet: «Our goal is a secure Switzerland and the so-called Digital Trust. We are therefore pleased that Sherpany won the bet», he explains. «Sherpany was thus able to prove that a high investment in security pays off and that secure systems are definitely possible. Even though no critical bugs were found, our hackers were still able to help Sherpany. Of course, we are particularly pleased about that. The continuation of the bug bounty program helps to maintain the level of the platform in the future, improve the security of the entire company and thus strengthen customer confidence.»
More about our customer Sherpany
Sherpany is the Swiss market leader for meeting management software. Since its founding in 2011, CEO Tobias Häckermann has pursued the goal of creating a world where every meeting counts. Sherpany software is based on the proprietary Azend framework, which was created using the latest findings from meeting science and highlights best practices. More than 300 European companies are already using Sherpany with the aim of making their business-relevant meetings more productive and thereby increasing corporate success. According to a jury of international investors, Sherpany is one of the best scale-ups in Switzerland with the potential to become a unicorn. Sherpany employs over 150 people in six locations in Europe and remotely in 19 countries around the world.