In order to increase the cyber security of the IT infrastructure as well as to reduce cyber risks effectively and cost-efficiently, the federal government procured a central platform for bug bounty programs. Bug Bounty Switzerland best met the defined criteria and was awarded the contract. The first programs together with the National Cyber Security Center (NCSC) will start this year.
Security vulnerabilities in IT systems are among the most frequent entry points for cyber attacks. This makes it all the more important to discover and close vulnerabilities as quickly as possible. After all, if attackers have found their way into the system through a gap in the website or in a software component, they can potentially spread within it and cause further damage. Today, standardized security tests are often no longer sufficient to find the hidden gaps. For this reason, ethical hackers will search the federal administration’s productive IT systems and applications for vulnerabilities as part of so-called bug bounty programs.
The pilot project conducted in spring 2021 showed that vulnerabilities in IT systems and applications can be efficiently identified and remedied by means of bug bounty programs. Back then, a total of six IT systems of the Federal Department of Foreign Affairs (EDA) and the parliamentary services were scanned by ethical hackers for any security vulnerabilities.
Based on the experience gained from the pilot project and the findings of all stakeholders, it was decided to continuously expand the bug bounty program to as many federal government systems as possible under the leadership of the National Cyber Security Center (NCSC).
In the future, the National Cyber Security Center (NCSC) will conduct bug bounty programs in the federal administration together with Bug Bounty Switzerland AG. Thanks to the established bug bounty platform and the large community of ethical hackers of Bug Bounty Switzerland, the necessary tools are ready to launch the first programs of the federal administration this year already.
Bug Bounty Switzerland is one of the pioneers of the Swiss bug bounty scene. It offers a wealth of expertise in running bug bounty programs and working with ethical hackers. The experience and expertise from the founding team goes back to 2015 and includes the setup and operation of some of the largest and most well-known bug bounty programs and public trust initiatives in Switzerland.
In February 2021, Bug Bounty Switzerland launched the first Bug Bounty Platform in Switzerland. From this, the Swiss ecosystem for Ethical Hacking, Vulnerability Collaboration and Public Trust is emerging. Bug Bounty Switzerland thus builds the bridge between ethical hackers and Swiss organizations, as well as other relevant stakeholders such as public administration, authorities, critical infrastructures, universities, suppliers and SMEs.
This creates a new kind of collaboration in Switzerland far beyond organizational boundaries and builds new capacities for action in dealing with increasing vulnerability. By 2025, Bug Bounty Switzerland aims to provide all Swiss organizations with access to bug bounty programs and the collective intelligence of their community.
The strategic partnership with the National Center for Cybersecurity (NCSC) and innovative collaboration with the federal government represents an important milestone in this regard.
United for a secure Switzerland!
Bug Bounty Switzerland AG