Swiss government launches bug bounty scheme for ethical hackers

Keystone / Sascha Steinbach

Over a two-week period hackers will be invited to identify vulnerabilities in government IT systems, receiving a financial reward for any bugs they find.  

This content was published on May 11, 2021

The pilot project, which began on Monday, will target two government IT systems: The Federal Department of Foreign Affairs and Parliamentary Services. Only hackers known to the National Cybersecurity Centre (NCSC) or its project partner Bug Bounty Switzerland and who have proven their worth in other projects will be invited to participate in this test phase. 

A cloud technology platform developed in partnership with Microsoft will be used for the bug bounty experiment. 

“The test should provide a basis for discussing the future use of bug bounty programmes,” the NCSC said on Monday. 

This is not the first experiment of this kind for a public service. In 2019, Swiss Post used a bug bounty scheme to test its e-voting system. Rewards of up to CHF50,000 ($55,380) were offered for identifying critical vulnerabilities. The experiment helped detect an error in the source code that was thought to be fixed and which rendered the e-voting system incompatible with legal security requirements. 

In compliance with the JTI standards

In compliance with the JTI standards

More: SWI certified by the Journalism Trust Initiative

You can find an overview of ongoing debates with our journalists here. Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at

Change your password

Do you really want to delete your profile?

Your subscription could not be saved. Please try again.
Almost finished... We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.

Discover our weekly must-reads for free!

Sign up to get our top stories straight into your mailbox.

The SBC Privacy Policy provides additional information on how your data is processed.