Bug Bounty and Vulnerability Disclosure Programs

Call for Participation

We have numerous private programs not listed here.

If you think we should include you, don't hesitate to contact us.

We also have many customers who use the Vulberability Disclosure Program (VDP).

Register as Hacker Vulnerability Disclosure Program (VDP)

Anzahl empfangene Sicherheitslücken

Signal-to-Noise Ratio

Durchschnittlicher Schweregrad (CVSS)

123456
123456
123456

Bug Bounty Switzerland

Bug Bounty Switzerland runs a Bug Bounty program for its Vulnerability Collaboration Platform – of course!

Federal Administration

The National Cybersecurity Centre (NCSC) runs several Bug Bounty programs for the Swiss Federal Administration. We invite security researchers, cryptographers and ethical hackers with experience searching for and identifying advanced vulnerabilities to join these programs.

  • Web Applications
  • API’s
  • Critical infrastructure and systems of the Federal Administration

Airlock

Airlock Secure Access Hub protects more than 30,000 web applications worldwide. This is a private bug bounty program in which the security features of the Web Application Firewall (WAF) solution are put to the test.

This program is built in the style of a CTF competition. We offer various challenges around web application vulnerabilities and we financially reward exploits that solve these challenges. You need to be invited to the program in order to get access to the challenges.

Proton

Participate in Proton’s mission to secure their user’s private data online. We invite sophisticated security researchers, cryptographers and hackers with experience searching for and identifying advanced vulnerabilities to join this program.

  • Scope: Webapps & Backend, Mobile Apps, Source Code
  • Early and exclusive access to upcoming version
  • Bounties up to CHF 30k

Abraxas Public Trust Program

  • Access to attractive programs, mainly from the field of government services
  • Insight into various domains such as elections and voting in Switzerland
  • Partially incl. source code access
  • Different system types and technologies available. From web to native applications
  • Fair rewards up to CHF 30k

Ringier

There are several private Bug Bounty Programs run by Bug Bounty Switzerland on behalf of Ringier.

  • Webapps & Backend
  • Mobile Apps

«In our case, highly critical security vulnerabilities were found within a few hours. We would recommend every SME to also do a reality check with Bug Bounty Switzerland. This is the only way to really stay one step ahead of cybercriminals.»
Bettina Wüest, Member of the Executive Board, Bernerland Bank AG and client of Bug Bounty Switzerland
«Bug Bounty Programs are effective and cost-efficient, and as such can make an important contribution to the security of businesses and infrastructure here in this country.»
Florian Schütz, Director of the National Cyber Security Centre (NCSC)
«Traditional security tests are only effective to a limited extent. Very effective and innovative, on the other hand, is collaborating with ethical hackers, who work with us to massively increase system and application security
Manuel Häfliger, CISO, Head of Cyber Security at BKW AG, client of Bug Bounty Switzerland
«When we started our Bug Bounty Program at Swiss Post, we rapidly found 50 critical security vulnerabilities. The precise reproduction instructions enabled us to fix them quickly and reduce the risks
Marcel Zumbühl, CISO of Swiss Post Group and Co-President of Information Security Society Switzerland (ISSS), Member of the Advisory Board Bug Bounty Switzerland
More about Marcel Zumbühl
In recent years, the trend in the financial industry has been moving more and more in the direction of Continuous Delivery & Continuous Deployment. You have to stay up to date all the time. Therefore, it makes sense to supplement traditional pentests with a bug bounty program and even replace them where it makes sense.
Marcello Bellini, IT Security Manager at Baloise Group
More about Marcello Bellini
«Bug Bounty is one of the most efficient ways to protect against cyberattacks. This is because it is the best method for stress testing under real-world conditions. Moreover, it is cost-efficient, as you only pay when you find something, compared to traditional penetration tests.»
Erik Dinkel, Chief Information Security Officer (CISO) at University Hospital Zurich (USZ)
More about Erik Dinkel

We'll help you, let's chat about how!

Let's meet for a virtual coffee. Via calendly you can book yourself directly into our calendar. Try it out.

Schedule meeting