If you have any further questions, please contact media@bag.admin.ch.
| Question | Answer |
|---|---|
| How does the public security test work? | The public security test started on 28 May 2020 and aims to provide full transparency. Test results are reported via the NCSC website where there is a form for entering detailed information. The NCSC receives these reports, evaluates their contents, prioritises them according to their criticality and, if necessary, arranges remedies. Existing feedback is publicly available on the NCSC website and is updated daily. |
| Why conduct a public security test? | The purpose of the public security test is to increase the security of the SwissCovid system, build and share knowledge and ensure transparency. On the one hand, reports of test results/observations can directly contribute to improving SwissCovid's security. On the other hand, independent experts can acquire expertise and knowledge in using a decentralised proximity tracing model. |
| Why is the NCSC conducting the public security test? | The Federal Office of Public Health FOPH commissioned the National Cybersecurity Centre NCSC to conduct the public security test for the proximity tracing system. The NCSC's mandate, led by the Federal Delegate for Cybersecurity, is to protect the public and businesses against cyber-risks and to increase the security of the Federal Administration's IT systems. |
| What is the aim of the public security test? | The Swiss population should be guaranteed the maximum possible level of privacy protection when using the SwissCovid app. The entire proximity tracing system should therefore offer a high standard of security. This public test will allow the proximity tracing system to be tested in detail. The public security test is one of many security measures. |
| What exactly can be tested? Where is the source code published? | All information on the Public Security Test is listed on the NCSC website. The components are all open source and can be found in the following repositories: New Components for SwissCovid 2.0:App backend CrowdNotifier: QR-Code Web-Landingpage: Existing & adapted for SwissCovid 2.0:Android repository: iOS repository: App config backend: Covidcode backend: Existing, not adapted:App backend ExposureNotifications: Covidcode Frontend: |
| Who can take part in the public security test? | Anyone, both in Switzerland and abroad, who wants to contribute to increasing the security of the proximity tracing system can take part in the public security test. |
| Is registration required in order to take part in the public security test? | No registration is necessary. Test results can be reported directly via the NCSC website without registering. When reporting test results, contact data can be entered voluntarily. This enables the NCSC to contact participants in case of questions. |
| What happens if a critical error is discovered? | The NCSC receives the test results, evaluates their contents, prioritises them according to their criticality and, if necessary, arranges remedies. If a test result or its impact is assessed as critical, its remediation is prioritised accordingly. |
| Are the test results published? | Existing feedback is publicly available on the NCSC website and is updated daily. |
| Is the public security test being conducted due to the increased parliamentary interest? | No. The public security test is one of many security measures to ensure the security and integrity of the proximity tracing system (SwissCovid app and associated peripheral systems) and was included early on in the project planning. This is in line with the standard procedure for such projects and systems. |
| Do the participants in the public security test have to sign a non-disclosure agreement? | No. There is also no need to register or login. Please note the following important scope and rules of engagement for the test. |
| What is the difference between the public security test and the pilot operation of the SwissCovid app? | During the pilot operation, the emphasis is on testing the user-friendliness and functionality of the SwissCovid app. The public security test, on the other hand, tests the associated peripheral systems of the SwissCovid app and the main focus is on security aspects. |
Last modification 08.06.2021
