The Swiss government has just
announced a CHF250,000 investment in a new bug bounty program to prevent voting
manipulation. Swiss Post will let professional ethical hackers attack its
system for a month to ensure the e-voting system is secure, glitch free and can
be made available across the country, reads
a press release on the Swiss Post website. Once the system is considered bug
free, Swiss citizens will get their voting cards in the mail.
A pen test to check security has
already been performed by “an accredited body.” Swiss security company SCRT
will receive CHF100,000 for helping with the program. The project, to run from
February 25 to March 24, is open to global applicants who could win up to CHF50,000,
depending on the front-end or back-end weaknesses detected. The financial
prizes will be decided by Swiss Post, not the federal government.
Participants will give it their
best to alter server security, steal data and influence votes. So far more than
1,000 participants are registered from Switzerland, (30%), France (17%), the
United States (5%), Germany (5%) and Canada (4%), according
to Security Week.
Online voting trials have been
ongoing since 2004, but Swiss Post has finally released an e-voting system that
can be 100% tested for bugs to ensure “that systematic malfunction resulting from
software errors, human error or attempted manipulation is detected. In
accordance with the requirements of federal law, the system must be certified
before first use and the source code must be disclosed.”
Software penetration testing to
search for hidden system vulnerabilities has been widely adopted by
organizations and government agencies worldwide, including the Pentagon and the
US army, to strengthen national security.