If you have any further questions, please contact media@bag.admin.ch.
| Question | Answer |
|---|---|
| How does the public security test work? | The public security test started on 31 May 2021 and aims to provide full transparency. Test results are reported via the NCSC website where there is a form for entering detailed information. The NCSC receives these reports, evaluates their contents, prioritises them according to their criticality and, if necessary, arranges remedies. Existing feedback is publicly available on the NCSC website and is updated daily. |
| Why conduct a public security test? | The purpose of the public security test is to increase the security of the Covid Certificate system, build and share knowledge and ensure transparency. On the one hand, reports of test results/observations can directly contribute to improving Covid Certificate's security. On the other hand, independent experts can acquire expertise and knowledge in using a decentralised proximity tracing model. |
| What is the aim of the public security test? | The Swiss population should be guaranteed the maximum possible level of privacy protection when using the Covid Certificate app. The entire system should therefore offer a high standard of security. This public test will allow the system to be tested in detail. The public security test is one of many security measures. |
| What exactly can be tested? Where is the source code published? |
Documents related to the Covid 19 certificate system in Switzerland can be found on Github:
|
| Who can take part in the public security test? | Anyone, both in Switzerland and abroad, who wants to contribute to increasing the security of the proximity tracing system can take part in the public security test. |
| Is registration required in order to take part in the public security test? | No registration is necessary. Test results can be reported directly via the NCSC website without registering. When reporting test results, contact data can be entered voluntarily. This enables the NCSC to contact participants in case of questions. |
| What happens if a critical error is discovered? | The NCSC receives the test results, evaluates their contents, prioritises them according to their criticality and, if necessary, arranges remedies. If a test result or its impact is assessed as critical, its remediation is prioritised accordingly. |
| Are the test results published? | Existing feedback is publicly available on the NCSC website and is updated regularly. |
| Is the public security test being conducted due to the increased parliamentary interest? | No. The public security test is one of many security measures to ensure the security and integrity of the proximity tracing system (SwissCovid app and associated peripheral systems) and was included early on in the project planning. This is in line with the standard procedure for such projects and systems. |
| Do the participants in the public security test have to sign a non-disclosure agreement? | No. There is also no need to register or login. Please note the following important scope and rules of engagement for the test. |
| How long does the test last? |
The security of the APP is in the foreground, which is why a start date has been set first. To give the security experts enough time to check the systems, no end date has been defined yet. |
Last modification 31.05.2021
