Bug bounties to become part of Swiss cyber-security arsenal
After a pilot project in 2021, authorities now want to systematically draw on the skills of “ethical hackers” to find flaws in government IT systems.
“Often, standardised security tests are no longer sufficient to uncover hidden loopholes” in official websites or software components, the finance ministry wrote on Wednesday.
As a result, a centralised platform for bug bounty programmes – initiatives which offer financial rewards to hackers to identify cyber vulnerabilities – will be set up and run by the National Cybersecurity Centre (NCSC). The latter will work with Bug Bounty Switzerland SA, a company with expertise in the area and a large existing community of ethical hackers.
The goal is to extend the schemes to cover “as many Federal Administration systems as possible”, with the first projects already starting this year, the finance ministry said.
The decision follows a pilot project run over two weeks in May 2021 which uncovered ten vulnerabilities – one of them critical – in the IT systems of the foreign ministry and the parliament.
A 2019 bug bounty programme also found an error in the source code of the e-voting system developed by state-owned Swiss Post, marking a major setback in plans to roll out e-voting more widely for Swiss citizens at home and abroad.