Federal Administration procures platform for bug bounty programmes

03.08.2022 - In order to increase the cybersecurity of the IT infrastructure and reduce cyber-risks effectively and cost-efficiently, the Confederation is procuring a centralised platform for bug bounty programmes. Under the auspices of the National Cybersecurity Centre (NCSC) and in collaboration with Bug Bounty Switzerland SA, ethical hackers will search the Federal Administration's IT systems for vulnerabilities.

Vulnerabilities in IT systems are the most frequent points of entry for cyberattackers. So it is all the more important that they be identified and closed as fast as possible. Once attackers have gained entry to the system via a vulnerability in the website or a software component, they can spread through the system, causing further damage. Often, standardised security tests are no longer sufficient to uncover hidden loopholes. The intention is therefore that, in future, ethical hackers will search the Federal Administration's production IT systems and applications for vulnerabilities as part of so-called bug bounty programmes.

The pilot project conducted in the spring of 2021 demonstrated that vulnerabilities in IT systems and applications can be efficiently identified and remedied by means of bug bounty programmes. At that time, ethical hackers scanned a total of six IT systems of the Federal Department of Foreign Affairs (FDFA) and Parliamentary Services for any security vulnerabilities.

On the basis of the experience gained in the pilot project and the insights of all participants, it was decided to expand the bug bounty programme under the auspices of the NCSC to cover as many Federal Administration systems as possible.

In future, the NCSC will run bug bounty programmes in the Federal Administration jointly with Bug Bounty Switzerland SA. Thanks to the established bug bounty platform and Bug Bounty Switzerland's large community of ethical hackers, the necessary tools are available, so that the first Federal Administration programmes can already start this year. Bug Bounty Switzerland SA is one of the pioneers on the Swiss bug bounty scene. It has considerable expertise in running bug bounty programmes and working together with ethical hackers.

Last modification 03.08.2022

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2022/bug-bounty-plattform.html