Abraxas, the IT service provider for the public sector, is taking a new approach to software development: the Abraxas Security Framework now includes a bug bounty program, which the provider of the new results determination system for the cantons of St. Gallen and Thurgau is conducting together with Bug Bounty Switzerland. Transparency, collaboration and trust in the security of the system are crucial for digital democracy.
Meeting the highest security standards requires collaboration with ethical hackers and security researchers. In this way, hidden security gaps that traditional testing methods do not reveal can be found. This process should be as transparent as possible and comprehensible to the public, so that it builds trust in the new solution.
To follow this new path in software development, Abraxas entered into a partnership with Bug Bounty Switzerland and, based on this partnership, developed the Abraxas Security Framework. The framework now contains a bug bounty program including source code publication. It will be used for the first time in the new results determination system for elections and votes in the cantons of St. Gallen and Thurgau.
Abraxas Security Framework with bug bounty and source code release
In addition to previous audits and security tests, Abraxas’ Security Framework includes an iterative bug bounty program including source code release. This starts with a private phase, in which selected ethical hackers and security researchers from the Bug Bounty Switzerland community are invited. Afterwards, the number of participants will be continuously increased until the program becomes public and everyone can participate. In parallel, the source code will be published. Found and documented vulnerabilities will be published transparently on an ongoing basis. The aim is to achieve the highest possible security level and to build public trust. The private bug bounty program will start on May 23, 2022 and will run on the Swiss platform of Bug Bounty Switzerland.
Ecosystem for Vulnerability Management and Public Trust
The Bug Bounty Switzerland platform was launched in February 2021 and used for the first bug bounty project in the federal administration, which was conducted together with the National Cyber Security Center (NCSC). Since then, the platform has been further developed into the Swiss Ecosystem for Vulnerability Management & Public Trust. This enables Swiss organizations to collaborate as efficiently as possible with ethical hackers and security researchers, as well as to gain new capabilities to deal with their increasing vulnerability – across all hierarchical levels and beyond their own organizational boundaries.
Important contribution to the security of Switzerland
Bug Bounty Switzerland is very pleased to partner with Abraxas and to make an important contribution to a secure Switzerland together. If the digital transformation of Switzerland is to succeed, security and trust play a central role, especially for the public sector. With this modern, transparent and collaborative approach, the involved parties send an important signal and support the paradigm shift «security through transparency».
We are also proud to have won Abraxas’ partner evaluation and to clearly stand out from the strong international competition with our holistic offering and unique wealth of experience in building organization-wide bug bounty programs, as well as executing public collaboration and trust initiatives. This further strengthens our position as the Swiss market leader for bug bounty and public trust programs.
United for a secure Switzerland.