Over a two-week period hackers will be invited to identify vulnerabilities in government IT systems, receiving a financial reward for any bugs they find.  

The pilot project, which began on Monday, will target two government IT systems: The Federal Department of Foreign Affairs and Parliamentary Services. Only hackers known to the National Cybersecurity Centre (NCSC) or its project partner Bug Bounty Switzerland and who have proven their worth in other projects will be invited to participate in this test phase. 

A cloud technology platform developed in partnership with Microsoft will be used for the bug bounty experiment. 

“The test should provide a basis for discussing the future use of bug bounty programmes,” the NCSC said on Monday. 

This is not the first experiment of this kind for a public service. In 2019, Swiss Post used a bug bounty scheme to test its e-voting system. Rewards of up to CHF50,000 ($55,380) were offered for identifying critical vulnerabilities. The experiment helped detect an error in the source code that was thought to be fixed and which rendered the e-voting system incompatible with legal security requirements. 

In compliance with the JTI standards

More: SWI swissinfo.ch certified by the Journalism Trust Initiative