M5: Vulnerability detection and prevention

Description
Early detection of vulnerabilities in federal IT:
Bug bounty programmes complement existing security measures by working with ethical hackers to help identify, document and eliminate potential vulnerabilities in IT systems and applications at an early stage.

Responsibility
National Cyber Security Centre (NCSC)
ncs@ncsc.admin.ch

Information
Bug Bounty Switzerland

Description
The Coordinated Vulnerability Disclosure (CVD) approach to be set up and promoted for the preventive detection and prevention of vulnerabilities and increase resilience to cyberthreats in the Federal Administration and Switzerland.

Responsibility
National Cyber Security Centre (NCSC)
ncs@ncsc.admin.ch

Information
Coordinated Vulnerability Disclosure (CVD)

Description
Examine how the CRA can be implemented in Switzerland.

Responsibility
National Cyber Security Centre (NCSC)
ncs@ncsc.admin.ch

Description
Increase Switzerland's testing capacities for digital products.

Responsability
National Test Institute for Cybersecurity NTC

Information
National Test Institute for Cybersecurity NTC

Description
OFCOM monitors standardisation activities in the cybersecurity domain, in particular with regard to the European Commission's mandate to the European standardisation organisations to support the Cyber Resilience Act (CRA).

Responsability
Federal Office of Communications (OFCOM)
info@bakom.admin.ch

Information
Federal Office of Communications (OFCOM)

Description
A bug bounty programme was set up in 2025. Initial tests have been carried out in the ZH Web environment and discussions are currently being held with the City of Zurich as a potential implementation partner.

Responsibility
Canton ZH
sicher@zh.ch

Description
A pilot project has been carried out with a range of stakeholders.

Responsibility
Canton ZH
sicher@zh.ch