https://github.com/antoinet/swiss-bugbounty-programs
List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
https://github.com/antoinet/swiss-bugbounty-programs
bug-bounty bugbounty security switzerland vulnerability-management
Last synced: 5 months ago
JSON representation
List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland
- Host: GitHub
- URL: https://github.com/antoinet/swiss-bugbounty-programs
- Owner: antoinet
- Created: 2021-10-27T20:17:45.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2025-03-15T09:25:59.000Z (over 1 year ago)
- Last Synced: 2025-03-15T10:25:54.511Z (over 1 year ago)
- Topics: bug-bounty, bugbounty, security, switzerland, vulnerability-management
- Homepage:
- Size: 37.1 KB
- Stars: 72
- Watchers: 8
- Forks: 15
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
This website is an attempt to list open bug bounty and coordinated vulnerability disclosure programs in Switzerland. Feel free to contribute by submitting PRs.
This listing is best viewed on [github pages](https://antoinet.github.io/swiss-bugbounty-programs/).
## Bug Bounty Program
| Company / Org | Visibility | Scope | CH Legal Safe Harbor | Notes / Comments |
| ------------- | ------------- | ------------ | -------------------- | ---------------- |
| [20min.ch](https://bugcrowd.com/twentyminuten) | public | selected systems | | US based Legal Safe Harbor |
| [Abraxas](https://www.bugbounty.ch/abraxas) | public | selected systems | yes | [Public Blog](https://blog.abraxas.ch/de) about their Bug Bounty experiences |
| [Abraxas](https://www.abraxas.ch/bugbounty) | semi-public | selected systems | yes | |
| [Airlock](https://hackerone.com/airlock) | semi-public | selected systems | | |
| [BLS AG](https://app.gobugfree.com/programs/bls/protected) | semi-public | selected systems | yes | |
| [Compass Security](https://bugbounty.compass-security.com/bug-bounties/compass-bug-bounty) | public | organization | yes | |
| [fidentity AG](https://app.gobugfree.com/programs/fidentity) | public | selected systems | yes | |
| [GObugfree](https://app.gobugfree.com/programs/bbh) | public | selected systems | yes | |
| [Hacking-Lab](https://bugbounty.compass-security.com/bug-bounties/hacking-lab-bug-bounty) | public | organization | yes | |
| [Hostpoint](https://www.hostpoint.ch/bugbounty/) | public | organization | | |
| [Just Eat](https://www.just-eat.ch/bugbounty) | public | selected systems | | |
| [localsearch](https://www.swisscom.ch/en/about/security/bug-bounty.html) | public | organization | yes | Runs as part of the Swisscom bug bounty program |
| [netplus.ch SA](https://app.gobugfree.com/programs/netplus/protected) | semi-public | selected systems | yes | |
| [Proton.me](https://proton.me/blog/protonmail-bug-bounty-program) | public | selected systems | | |
| [Proton.me](https://www.bugbounty.ch/proton/) | semi-public | selected systems | yes | semi-private incubator to scale up the existing, public program |
| [Proton VPN](https://protonvpn.com/blog/bug-bounty-program/) | public | selected systems | | |
| [Republik](https://app.gobugfree.com/programs/republik) | public | selected systems | yes | |
| [Ringier](https://go.bugbounty.ch/programs) | semi-public | selected systems | yes | |
| [Roche](https://hackerone.com/roche) | semi-public | selected systems | yes | [Hackerone Gold Standard Safe Harbor](https://docs.hackerone.com/organizations/safe-harbor-faq.html) |
| [SCIP](https://www.scip.ch/?bugbounty) | public | organization | | |
| [SIX Group](https://www.six-group.com/en/company/governance/security.html) | semi-public | organization | yes | |
| [Swiss Post](https://www.post.ch/en/about-us/responsibility/swiss-post-bug-bounty) | public | selected systems | yes | |
| [Swisscom (AS 3303)](https://www.swisscom.ch/en/about/security/bug-bounty.html) | public | organization | yes | |
| [Threema](https://app.gobugfree.com/programs/threema) | public | selected systems | yes | |
| [TX Group](https://bugcrowd.com/tamedia) | public | selected systems | | US based Legal Safe Harbor |
## Vulnerability Disclosure Policy
| Company / Org | CH Legal Safe Harbor | Notes / Comments |
| ------------- | -------------------- | ---------------- |
| [ABB Group](https://global.abb/group/en/technology/cyber-security/alerts-and-notifications) | | |
| [Bexio](https://www.bexio.com/en-CH/policies/responsible-disclosure-policy) | | |
| [Cern](https://home.cern/sites/home.web.cern.ch/files/security.txt) | | |
| [Covid-19 certificate system](https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/covid-certificate-pst/infos.html) | yes | |
| [Digitec](https://www.digitec.ch/security)/[Galaxus](https://www.galaxus.ch/security) | yes | |
| [EBU](https://www.ebu.ch/about/contact-us/vulnerability-disclosure) | | |
| [Kistler](https://www.kistler.com/en/vulnerability-disclosure-policy/) | yes | |
| [Nexthink](https://www.nexthink.com/responsible-disclosure-policy/) | | |
| [SBB CFF FFS](https://company.sbb.ch/en/sbb-as-business-partner/services/vulnerability-disclosure-policy.html) | yes | |
| [Shift Crypto](https://shiftcrypto.ch/policies/bug-bounty-policy/) | | |
| [Swiss Government](https://www.ncsc.admin.ch/ncsc/en/home/infos-fuer/infos-it-spezialisten/themen/schwachstelle-melden.html) | | |
| [SwissCovid Proximity Tracing System](https://www.ncsc.admin.ch/ncsc/en/home/dokumentation/covid-public-security-test/infos.html) | yes | |
## security.txt
| Company / Org | Notes / Comments |
| ------------- | ---------------- |
| [Abraxas](https://www.abraxas.ch/.well-known/security.txt) | |
| [Abuse.ch](https://abuse.ch/.well-known/security.txt) | |
| [Compass Security](https://www.compass-security.com/.well-known/security.txt) | |
| [Cyon](https://www.cyon.ch/.well-known/security.txt) | |
| [Digitec](https://www.digitec.ch/.well-known/security.txt) | |
| [FAIRTIQ](https://fairtiq.com/.well-known/security.txt) | |
| [Galaxus](https://www.galaxus.ch/.well-known/security.txt) | |
| [Hacking-Lab](https://hacking-lab.com/.well-known/security.txt) | |
| [Hostpoint](https://hostpoint.ch/.well-known/security.txt) | |
| [Infomaniak](https://www.infomaniak.com/security.txt) | |
| [International Labour Organization](https://ilo.org/.well-known/security.txt) | |
| [Open Systems](https://www.open-systems.com/.well-known/security.txt) | |
| [Pentagrid](https://www.pentagrid.ch/.well-known/security.txt) | |
| [Pädagogische Hochschule Zürich](https://phzh.ch/.well-known/security.txt) | |
| [Quickline (AS 15600)](https://www.as15600.net/.well-known/security.txt) | |
| [Raiffeisen Schweiz Genossenschaft](https://www.raiffeisen.ch/.well-known/security.txt) | |
| [Redguard](https://www.redguard.ch/.well-known/security.txt) | |
| [Roche](https://www.roche.com/.well-known/security.txt) | |
| [Rolex](https://www.rolex.com/.well-known/security.txt) | |
| [Seantis](https://www.seantis.ch/.well-known/security.txt) | |
| [SwissAnwalt](https://swissanwalt.ch/.well-known/security.txt) | |
| [Swisscanto](https://www.swisscanto.com/.well-known/security.txt) | |
| [Schwyz (Canton)](https://www.sz.ch/.well-known/security.txt) | |
| [Swissquote Bank](https://en.swissquote.com/.well-known/security.txt) | |
| [SWITCH (AS559)](https://www.switch.ch/.well-known/security.txt) | |
| [Zürcher Kantonalbank (ZKB)](https://www.zkb.ch/.well-known/security.txt) | |