29.11.2023 - During its meeting on 29 November 2023, the Federal Council adopted the report in response to postulate 20.4594 "Institutionalise ethical hacking and increase cybersecurity". The postulate requested the Federal Council to set out how ethical hacking can be institutionalised as a basis for increasing cybersecurity, and how it can be promoted within the Federal Administration and at enterprises affiliated with the Confederation.
The report first explains what is meant by "ethical hacking", and then discusses the various tools for promoting ethical hacking. These include publishing guidelines on reporting vulnerabilities, holding bug bounty programmes and carrying out public security tests. These tools to promote ethical hacking are subject to conditions, under which hackers can legally search ICT systems for vulnerabilities, report them to the authorities and in the process make a valuable contribution to cybersecurity.
The report then goes on to show that major progress has been made in the promotion of ethical hacking in Switzerland. The Confederation and many enterprises affiliated with the Confederation are already using the available tools. This positive trend should continue to be promoted and the exchange of information about detected vulnerabilities should be further strengthened.
Last modification 29.11.2023
