johannlaqua/swiss-bugbounty-programs

List of bug bounty and coordinated vulnerability disclosure programs of companies/organisations in Switzerland

This website is an attempt to list open bug bounty and coordinated vulnerability disclosure programs in Switzerland. Feel free to contribute by submitting PRs.

This listing is best viewed on github pages.

Bug Bounty Program

Company / Org	Visibility	Scope	CH Legal Safe Harbor	Notes / Comments
20min.ch	public	selected systems		US based Legal Safe Harbor
Airlock	semi-public	selected systems
BLS AG	semi-public	selected systems	yes
fidentity AG	public	selected systems	yes
GObugfree	public	selected systems	yes
Just Eat	public	selected systems
localsearch	public	organization		Runs as part of the Swisscom bug bounty program
netplus.ch SA	semi-public	selected systems	yes
Proton.me	public	selected systems
Proton.me	semi-public	selected systems	yes	semi-private incubator to scale up the existing, public program
Proton VPN	public	selected systems
Republik	public	selected systems	yes
Ringier	semi-public	selected systems	yes
Roche	semi-public	selected systems
SCIP	public	organization
SIX Group	semi-public	organization	yes
Swiss Post	public	selected systems	yes
Swisscom (AS 3303)	public	organization
Threema	public	selected systems	yes
TX Group	public	selected systems		US based Legal Safe Harbor

Vulnerability Disclosure Policy

Company / Org	CH Legal Safe Harbor	Notes / Comments
ABB Group
Bexio
Cern
Covid-19 certificate system	yes
EBU
Kistler	yes
Nexthink
SBB CFF FFS	yes
Shift Crypto
Swiss Government
SwissCovid Proximity Tracing System	yes

security.txt

Company / Org	Notes / Comments
Abuse.ch
Cyon
Digitec
Galaxus
Open Systems
Pädagogische Hochschule Zürich
Quickline (AS 15600)
SwissAnwalt
Schwyz (Canton)
SWITCH (AS559)