Bug Bounty and Public Trust programs from Abraxas for software for a digital Switzerland
Abraxas develops IT solutions for a secure digital Switzerland. For this it supplies technology to strengthen administrative processes at the levels of the commune, the canton and the federal state.
Transparency is the best protection against cyber risks. Therefore we invite you to take part in the Abraxas Bug Bounty program for one of the following systems:
1) Results determination system
VOTING determination is the process of recording, calculating and evaluating the results of democratic elections and referendums. It is normally available only via a private network.
Premiums of up to CHF 30,000.– (depending on the criticality and the scenario) are on offer.
2) Offline service for creation of data for printing legally valid voting identity cards
VOTING identity card generation is the offline process for generating and saving the data for printing legally valid voting identity cards. The software is installed on an Airgap laptop, the identity cards are encrypted and digitally signed. Premiums of up to CHF 5,000.– (depending on the criticality) are on offer
3) VOTING Stimmregister
In the VOTING Stimmregister system, electoral registers from municipalities are consolidated at the cantonal level. This system is used, for example, for the central processing of voting rights certificates. Thus, VOTING Stimmregister is a central component of the electoral and voting process for various cantons of Switzerland.
Premiums of up to CHF 30,000.– (depending on the criticality and the scenario) are on offer.
These systems operate so as to ensure no-one can interfere in the processes of digital Switzerland and put at risk the security of administration and the citizens!
You…
… are looking for an interesting project which allows you to get involved in the bigger picture
… are a security researcher with a responsible attitude and you care about digital Switzerland and administrative processes that are close to the people
… are seeking further professional development and you love a challenge
… place great value on an optimum return on investment of your time
… want to progress your career and market value as a security researcher
We…
… offer a dialog for technical analysis of your findings, conducted between equals within a short time
… will pay attractive premiums (bounties) for reports that are accepted
… work to fair rules and take transparent decisions
… will place the code and findings in the public domain on GitHub and will be happy to acknowledge your contribution
Your focus
- Breaches in security which put the public authorities – and hence all of us – at risk
- Reviewing the source code and other elements
- Compliance and adherence to the rules described in the “Code of Conduct” and “Bug Bounty and Code Disclosure Policy” documents
- Constructive cooperation with #TeamAbraxas
Participate now
These are public programs – but registration is required as a condition of participation. We guarantee a “Legal Safe Harbour” for all attempts within our guidelines to break into our systems during the course of your work. You can find this guarantee on the application page for the respective program.
To apply for the Bug Bounty program for VOTING Ausmittlung:
To apply for the Bug Bounty program for VOTING Stimmunterlagen Offline:
To apply for the Bug Bounty program for VOTING Stimmregister: