Crowdsourced Security by YesWeHack Helps Swiss Post to Secure Switzerland’s Digital Trust With Rewards up to 230K Euros
YesWeHack, Europe’s leading Bug Bounty platform, is proud to partner with Swiss Post to review Switzerland’s future e-voting system. Recently, Swiss Post announced the publication of the revised source code and the launch of its public bug bounty program for the upcoming e-voting system for Switzerland. The security review is entering into a new phase, with the company inviting researchers worldwide to examine the underlying cryptographic principles for errors and test over 150,000 lines of dense code.
Swiss Post is Switzerland’s national postal organisation. Now the organisation is expanding its leadership by the digitalisation of the Swiss voting system.
E-voting was first introduced in Switzerland on a limited basis in 2003 as part of ongoing tests. E-voting systems must meet high requirements following federal legal provisions on security, reliability, voting secrecy, and verifiability. These form the framework for the system architecture. These systems need to withstand countless quality tests and simulated hacker attacks to be approved for real votes. Only a transparent e-voting solution can be successful in the long term. Hence, relying on cooperation with independent security experts to develop and improve the system continuously is crucial.
The UK is no exception. While the House of Commons had to use e-voting for the first time in its 200-year history due to the pandemic, network security concerns remain a barrier for permanent adoption. This challenge is reflected in the UK’s slow movement towards providing secure online voting to all, as recommended by the UK’s Digital Democracy Commission in 2015. The future of effectively introducing e-voting relies heavily on acknowledging and addressing the cybersecurity concerns involved. Following Switzerland’s lead and ensuring transparency is at the heart of any system’s design will be paramount to success.
The disclosure of the future Swiss e-voting system with complete verifiability began in early 2021 and is conducted in phases. This was to ensure there was enough time to implement reported improvements. Such highly specific assets require unique skills, engaging the most trustable researchers, and only a rock-solid organisation can be entrusted with such a strategic project.
Last year, Swiss Post launched a private bug bounty program with YesWeHack, inviting over 800 global security researchers to test the e-voting system. Following its success, the organisation is moving to a public bug bounty program. To incentivise the security experts, Swiss Post will pay a relatively high reward of up to 230,000 Euros for confirmed critical vulnerabilities in e-voting.
Marcel Zumbühl, Chief Information Security Officer at Swiss Post, explains: “To attract leading experts and top hackers, we’re offering sizeable rewards for confirmed vulnerabilities in e-voting. While they are the industry norm by international standards, they are much higher than those of the average bug bounty programs at Swiss Post and in Switzerland. This is due to the scope and complexity of the e-voting system.”
In Switzerland, e-voting might be among the most vital technology components of the Swiss Confederation – as it supports the core of the Swiss direct democracy. Bug bounty programs are deemed best practice globally to support such initiatives, and organisations of all sizes are turning to them to secure their digital assets.
“The oldest, yet one of the most advanced democracies in the world relies on YesWeHack to secure this vital pillar of their democratic system. Crowdsourced security plays a crucial role in building citizen trust, and YesWeHack is proud to be the partner of choice to run Swiss Post’s bug bounty program. Without exaggerating and considering all aspects of the project, this is the most ambitious, strategic, and “sensitive” public bug bounty program ever launched. This is a strong and bold step forward. With electronic voting, the Swiss direct democracy and traditions of political rights will eventually move into the digital age in confidence,” said Guillaume Vassault-Houlière, the CEO and Co-Founder of YesWeHack.
Founded in 2015, YesWeHack is a Global Bug Bounty & VDP Platform.
YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 25,000 cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers: support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU. For more information: www.yeswehack.com
Media Contact: Marine Magnant email@example.com
Want to discuss crowdsourced security with our experts?