Canton of St.Gallen
Bug Bounty programs for critical applications of the Canton of St.Gallen – with clear rules and fair rewards.
Bug Bounty and Vulnerability Disclosure Programs
Call for Participation
We have numerous private programs not listed here.
If you think we should include you, don't hesitate to contact us.
We also have many customers who use the Vulberability Disclosure Program (VDP).
Register as Hacker Vulnerability Disclosure Program (VDP)
Anzahl empfangene Sicherheitslücken
Signal-to-Noise Ratio
Durchschnittlicher Schweregrad (CVSS)
123456
123456
123456
Agov
AGOV is the login for Swiss public authorities. AGOV can be used for services of the Federal Administration as well as for cantonal and municipal authorities in Switzerland. For example, to file tax declarations. AGOV is a service provided by the Federal Administration and has been available in initial authority applications since the beginning of 2024. To support the effort to protect the user´s login data and help build a more secure Internet, we invite everyone, citizens, users, security researchers, cryptographers and hackers to join our Bug Bounty program.
Bug Bounty Switzerland
Bug Bounty Switzerland runs a Bug Bounty program for its Vulnerability Collaboration Platform – of course!
Federal Administration
The National Cybersecurity Centre (NCSC) runs several Bug Bounty programs for the Swiss Federal Administration. We invite security researchers, cryptographers and ethical hackers with experience searching for and identifying advanced vulnerabilities to join these programs.
- Web Applications
- API’s
- Critical infrastructure and systems of the Federal Administration
Airlock
Airlock Secure Access Hub protects more than 30,000 web applications worldwide. This is a private bug bounty program in which the security features of the Web Application Firewall (WAF) solution are put to the test.
This program is built in the style of a CTF competition. We offer various challenges around web application vulnerabilities and we financially reward exploits that solve these challenges. You need to be invited to the program in order to get access to the challenges.
Abraxas Public Trust Program
- Access to attractive programs, mainly from the field of government services
- Insight into various domains such as elections and voting in Switzerland
- Partially incl. source code access
- Different system types and technologies available. From web to native applications
- Fair rewards up to CHF 30k
Ringier
There are several private Bug Bounty Programs run by Bug Bounty Switzerland on behalf of Ringier.
- Webapps & Backend
- Mobile Apps
«In our case, highly critical security vulnerabilities were found within a few hours. We would recommend every SME to also do a reality check with Bug Bounty Switzerland. This is the only way to really stay one step ahead of cybercriminals.»
Bettina Wüest,
Member of the Executive Board, Bernerland Bank AG and client of Bug Bounty Switzerland
«Bug Bounty Programs are effective and cost-efficient, and as such can make an important contribution to the security of businesses and infrastructure here in this country.»
Florian Schütz,
Director of the National Cyber Security Centre (NCSC)
«Traditional security tests are only effective to a limited extent. Very effective and innovative, on the other hand, is collaborating with ethical hackers, who work with us to massively increase system and application security.»
Manuel Häfliger,
CISO, Head of Cyber Security at BKW AG, client of Bug Bounty Switzerland
«When we started our Bug Bounty Program at Swiss Post, we rapidly found 50 critical security vulnerabilities. The precise reproduction instructions enabled us to fix them quickly and reduce the risks.»
Marcel Zumbühl,
CISO of Swiss Post Group and Co-President of Information Security Society Switzerland (ISSS), Member of the Advisory Board Bug Bounty Switzerland
More about Marcel Zumbühl
In recent years, the trend in the financial industry has been moving more and more in the direction of Continuous Delivery & Continuous Deployment. You have to stay up to date all the time. Therefore, it makes sense to supplement traditional pentests with a bug bounty program and even replace them where it makes sense.
Marcello Bellini,
IT Security Manager at Baloise Group
More about Marcello Bellini
«Bug Bounty is one of the most efficient ways to protect against cyberattacks. This is because it is the best method for stress testing under real-world conditions. Moreover, it is cost-efficient, as you only pay when you find something, compared to traditional penetration tests.»
Erik Dinkel,
Chief Information Security Officer (CISO) at University Hospital Zurich (USZ)
More about Erik Dinkel
We'll help you, let's chat about how!
Let's meet for a virtual coffee. Via calendly you can book yourself directly into our calendar. Try it out.
Schedule meeting