Bug Bounty Program for the Swiss Digital identity and Trust Infrastructure
The e-ID is the state-issued digital identity card, provided via the swiyu Wallet. The e-ID and the swyu Trust Infrastructure establish a digital foundation of trust that gives residents of Switzerland and Swiss citizens abroad full control over their personal data.
Why we want you
- We place special emphasis on the security, integrity and availability of our systems and thus also on those of our customers, employees and partners.
- We welcome experts outside the Federal Administration that would like to share their knowledge and experience to improve the project’s security.
- Through our public Program, we aim to further strengthen trust in and acceptance of the e-ID and the swiyu Trust Infrastructure.
What you can expect
- A technically challenging solution to test, a Public Beta environment, open source code and technical documentation to help conduct research.
- A dialog on equal terms, with a professional analysis of your findings and prompt responses.
- Bounties depending on the technical impact of the reported vulnerability, the business criticality of the impacted system or data, and the quality of the documentation provided.
- A constructive dialogue, fair rules and a legal safe harbor.
Key focus areas include
- swiyu Public Beta Trust Infrastructure with Android and iOS apps, generic components and registers.
- An architecture designed for decentralised data storage using DID’s and verifiable credentials.
- Implementation of open standards such as Verifiable Credentials, Decentralised Identifiers, as well as OpenID for Verifiable Credential Issuance and Verifiable Presentations.
We value the work of security researchers aiming to improve the security of our products and services and encourage the community to participate in our Bug Bounty Program. Apply now!