18th April 2021, Kathmandu
YesWeHack, Europe’s leading crowdsourced security platform, today announced the launch of a public Bug Bounty program for Swiss Post. The national postal organization was one of the first Swiss companies to start a private Bug Bounty program in 2020 to great success. It is now opening the program up to the entire YesWeHack cybersecurity community.
Swiss Post is one of the oldest and best-known brands in Switzerland. In May 2020, the company decided to leverage the swarm intelligence of the YesWeHack community for the security of its digital products in addition to existing security tests. To do so, Swiss Post initially started with 20 selected ethical hackers and gradually invited more to join the vulnerability hunt. As a result, a few hundred ethical hackers are already bug hunting for the private program.
In a press release issued last night (April 15), the Swiss mail provider said it was offering security researchers up to €10,000 ($12,000) for finding vulnerabilities across a range of internet services. It comes after a private bug bounty program, launched in May 2020, helped identify 500 security flaws, with payouts totaling more than $270,000.
The public Bug Bounty program will initially start with eleven scopes, which have already had their security posture enhanced by the private one. There are plans to add more services to the program.
Vulnerabilities in services that are not yet part of Swiss Post’s public Bug Bounty program can also be reported to Swiss Post via a Vulnerability Disclosure Policy (VDP). The VDP serves as a communication channel and offers security researchers an orderly, legally secure framework for vulnerability reporting.
“Bug Bounty applies the principle of crowdsourcing to cybersecurity. Through the YesWeHack platform, companies gain access to several thousand ethical hackers who offer a versatile range of skills to cover the full spectrum of testing functions,” explains Guillaume Vassault-Houlière, CEO and co-founder of YesWeHack. “In addition, public Bug Bounty programs provide transparency and trust to customers. They demonstrate a company’s commitment to its information security and the protection of its users’ data. We are very pleased that Swiss Post, as one of the largest Swiss companies, counts on YesWeHack to help them make their digital products even more secure.”