Bug bounty programme to increase cyber-resilience in the Federal Administration

In order to increase its cyber security and reduce cyber risks effectively and cost-efficiently, the Federal Administration runs bug bounty programmes under the leadership of the National Cyber Security Centre (NCSC) and in cooperation with other administrative units and Bug Bounty Switzerland AG.

The idea behind bug bounty programmes is to work with ethical hackers to identify, document and fix vulnerabilities in IT systems and applications in a way that complements other existing cyber security measures. Unlike malicious hackers, ethical hackers follow the law and act with the consent of those affected.

The NCSC ran a pilot project in 2021, after which the bug bounty platform was procured in August 2022. Since then, the NCSC has enabled ethical hackers to contribute to federal security and expose vulnerabilities through bug bounty programmes.

Ethical hackers interested in participating in a bug bounty programme and testing the Federal Administration's systems can register at the following link: 


Current figures – Bug bounty programme results

The NCSC provides regular updates on the results of its bug bounty programmes. The experiences have been positive: the number of reports made and their content clearly show that bug bounty programmes can help to find vulnerabilities that may not be detected with conventional security testing methods. This proves that these programmes can be a useful and effective complement to conventional IT security measures and audits in the Federal Administration.

Note: The statistics are a snapshot in time. How a vulnerability report is rated may be subject to change.

Table: Reported vulnerabilities and their ratings in the past 12 months.

Date Reported Findings Rejected Low Medium High Critical Reward
2024 Q2 205 74 17 48 20 19 107’100
2024 Q1 3 3 0 0 0 0 0
2023 Q4 116 51 6 35 14 10 61'400
2023 Q3 76 24 4 26 6 16 68'000

Total reports since the start of the bug bounty programmes in August 2022

Hackers Reported Findings Rejected Low Medium High Critical Reward
47 455 177 32 126 44 45

Further Information

Last modification 03.07.2024

Top of page