Federal Department of Foreign Affairs FDFA
Federal Department of Foreign Affairs FDFA

Successful bug bounty pilot project in Federal Administration

Press releases, 01.07.2021

From 10 to 21 May 2021, the National Cybersecurity Centre (NCSC) conducted a bug bounty pilot project in collaboration with Bug Bounty Switzerland GmbH, the Federal Department of Foreign Affairs (FDFA) and Parliamentary Services (PS). The project was very successful and the lessons learned are to be incorporated into the implementation of further bug bounty programmes in the Federal Administration.

The purpose of bug bounty programmes is to identify, document and remedy any vulnerabilities in IT systems and applications in cooperation with ethical hackers. A total of 15 ethical hackers commissioned by the Confederation took part in this pilot project.

Ten security vulnerabilities discovered

For the pilot project, ethical hackers scanned a total of six IT systems of the FDFA and Parliamentary Services for any security vulnerabilities. Overall, ten security vulnerabilities were reported to the NCSC. One of these turned out to be critical, seven were classified as medium and two as low. All of the vulnerabilities were immediately eliminated by the competent providers. The ethical hackers then verified and confirmed the successful elimination of the vulnerabilities.

Positive conclusion

The pilot project demonstrated that vulnerabilities in IT systems and applications can be efficiently identified and remedied by means of bug bounty programmes. The return on investment was found to be high. A bug bounty programme for the Federal Administration, operated by the NCSC, makes an important contribution to reducing the Confederation's cyber-risk exposure.

Based on the experience gained with the pilot project and the lessons learned by all those involved, the NCSC intends to continuously expand the bug bounty programme to as many Federal Administration systems as possible.

Consequently, the procurement process is to be launched as soon as possible. In the meantime, several other companies in Switzerland also offer bug bounty programmes in addition to Bug Bounty Switzerland GmbH. In order to ensure neutrality in the procurement process, Florian Schütz, the Federal Cybersecurity Delegate, is thus stepping down from the Advisory Board of Bug Bounty Switzerland.

Pilotprojekt «Bug Bounty-Programm der Bundesverwaltung» - Abschlussbericht(pdf, 207kb)

Address for enquiries:

NCSC Communications
ncsc-media@gs-efd.admin.ch
Tel. 058 46 50 464

Publisher:

Federal Department of Finance
Federal Department of Foreign Affairs

Last update 19.07.2023

  • Information for the media

    FDFA Communication answers media queries Mondays to Fridays during office hours and operates a weekend emergency on-call service.

Contact

FDFA Communication

Federal Palace West
3003 Bern

Phone (for journalists only):
+41 58 460 55 55

Phone (for all other requests):
+41 58 462 31 53

kommunikation@eda.admin.ch

Start of page
Swiss representations abroad
Federal Administration online
Federal Department of Foreign Affairs FDFA