Bug Bounty Switzerland
Bug Bounty Switzerland runs a Bug Bounty program for its Vulnerability Collaboration Platform – of course!
Semi-Public Bug Bounty Programs
Call for Participation
Make up your own mind and participate in our programs! For those listed below we are actively looking for participants and gladly invite specifically suitable hackers and security researchers.
We have many private programs running not listed here - if you think we should have you on board, don't hesitate to reach out to us!
Register as Hacker
Anzahl empfangene Sicherheitslücken
Signal-to-Noise Ratio
Durchschnittlicher Schweregrad (CVSS)
123456
123456
123456
Federal Administration
The National Cybersecurity Centre (NCSC) runs several bug bounty programs for the Swiss Federal Administration. We invite security researchers, cryptographers and ethical hackers with experience searching for and identifying advanced vulnerabilities to join these programs.
- Web Applications
- API’s
- Critical infrastructure and systems of the Federal Administration
Airlock
Airlock Secure Access Hub protects more than 30,000 web applications worldwide. This is a private bug bounty program in which the security features of the Web Application Firewall (WAF) solution are put to the test.
This program is built in the style of a CTF competition. We offer various challenges around web application vulnerabilities and we financially reward exploits that solve these challenges. You need to be invited to the program in order to get access to the challenges.
Proton
Participate in Proton’s mission to secure their user’s private data online. We invite sophisticated security researchers, cryptographers and hackers with experience searching for and identifying advanced vulnerabilities to join this program.
- Scope: Webapps & Backend, Mobile Apps, Source Code
- Early and exclusive access to upcoming version
- Bounties up to CHF 30k
Abraxas VOTING
- early and exclusive access to VOTING (a system to manage ballots and aggregate tallied votes)
- incl. source code of the entire system
- user accounts with different privileges
- fair bounties up to CHF 10k
Ringier
There are several private Bug Bounty Programs run by Bug Bounty Switzerland on behalf of Ringier.
- Webapps & Backend
- Mobile Apps
«In our case, highly critical security vulnerabilities were found within a few hours. We would recommend every SME to also do a reality check with Bug Bounty Switzerland. This is the only way to really stay one step ahead of cybercriminals.»
Bettina Wüest,
Member of the Executive Board, Bernerland Bank AG and client of Bug Bounty Switzerland
«Bug Bounty Programs are effective and cost-efficient, and as such can make an important contribution to the security of businesses and infrastructure here in this country.»
Florian Schütz,
Federal Delegate for Cybersecurity and Director of the National Center for Cybersecurity (NCSC)
«Traditional security tests are only effective to a limited extent. Very effective and innovative, on the other hand, is collaborating with ethical hackers, who work with us to massively increase system and application security.»
Manuel Häfliger,
CISO, Head of Cyber Security at BKW AG, client of Bug Bounty Switzerland
«When we started our Bug Bounty Program at Swiss Post, we rapidly found 50 critical security vulnerabilities. The precise reproduction instructions enabled us to fix them quickly and reduce the risks.»
Marcel Zumbühl,
CISO of Swiss Post Group and Co-President of Information Security Society Switzerland (ISSS), Member of the Advisory Board Bug Bounty Switzerland
More about Marcel Zumbühl
In recent years, the trend in the financial industry has been moving more and more in the direction of Continuous Delivery & Continuous Deployment. You have to stay up to date all the time. Therefore, it makes sense to supplement traditional pentests with a bug bounty program and even replace them where it makes sense.
Marcello Bellini,
IT Security Manager at Baloise Group
More about Marcello Bellini
«Bug Bounty is one of the most efficient ways to protect against cyberattacks. This is because it is the best method for stress testing under real-world conditions. Moreover, it is cost-efficient, as you only pay when you find something, compared to traditional penetration tests.»
Erik Dinkel,
Chief Information Security Officer (CISO) at University Hospital Zurich (USZ)
More about Erik Dinkel
We'll help you, let's chat about how!
Let's meet for a virtual coffee. Via calendly you can book yourself directly into our calendar. Try it out.
Schedule meeting