Swiss Post launches public Bug Bounty program with YesWeHack

April 15, 2021

YesWeHack, Europe’s leading crowdsourced security platform, today announced the launch of a public Bug Bounty program for Swiss Post. The national postal organisation was one of the first Swiss companies to start a private Bug Bounty program in 2020 to great success. It is now opening the program up to the entire YesWeHack cybersecurity community.

Swiss Post is one of the oldest and best-known brands in Switzerland. In May 2020, the company decided to leverage the swarm intelligence of the YesWeHack community for the security of its digital products in addition to existing security tests. To do so, Swiss Post initially started with 20 selected ethical hackers and gradually invited more to join the vulnerability hunt. As a result, a few hundred ethical hackers are already bug hunting for the private program.

“Since the beginning of the program, we have identified 500 vulnerabilities and paid out almost CHF 250,000 in rewards.” says Marcel Zumbühl, Chief Information Security Officer at Swiss Post.

Public program gives access to 23,000 hackers

Following the success of the private program, Swiss Post is going one step further. The online services previously tested in the private program are now being transferred to a public program. Ethical hackers could previously search for security vulnerabilities by invitation only. From now on, all 23,000 ethical hackers from the YesWeHack community can participate in the program. In return, they will receive up to €10,000 in rewards for a critical vulnerability. The public Bug Bounty program will initially start with eleven scopes, which have already had their security posture enhanced by the private one. There are plans to add more services to the program.

All services that are not yet part of Swiss Post’s public Bug Bounty program can also have vulnerabilities be reported to Swiss Post via a Vulnerability Disclosure Policy (VDP). The VDP serves as a communication channel and offers security researchers an orderly, legally secure framework for vulnerability reporting.

Clear benefits of Bug Bounty: crowd power and transparency

“Bug Bounty applies the principle of crowdsourcing to cybersecurity. Through the YesWeHack platform, companies gain access to several thousand ethical hackers who offer a versatile range of skills to cover the full spectrum of testing functions,” explainsGuillaume Vassault-Houlière, CEO and co-founder of YesWeHack. “In addition, public Bug Bounty programs provide transparency and trust to customers. They demonstrate a company’s commitment to its information security and the protection of its users’ data. We are very pleased that Swiss Post, as one of the largest Swiss companies, counts on YesWeHack to help them make their digital products even more secure.”

Check out Swiss Post’s public Bug Bounty program here.


Founded in 2013, YesWeHack is the #1 European Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private and public programs for hundreds of organizations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers: support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.
For more information:

Media Contact : Marine Magnant

Want to discuss crowdsourced security with our experts?