The Swiss government has just announced a CHF250,000 investment in a new bug bounty program to prevent voting manipulation. Swiss Post will let professional ethical hackers attack its system for a month to ensure the e-voting system is secure, glitch free and can be made available across the country, reads a press release on the Swiss Post website. Once the system is considered bug free, Swiss citizens will get their voting cards in the mail.
A pen test to check security has already been performed by “an accredited body.” Swiss security company SCRT will receive CHF100,000 for helping with the program. The project, to run from February 25 to March 24, is open to global applicants who could win up to CHF50,000, depending on the front-end or back-end weaknesses detected. The financial prizes will be decided by Swiss Post, not the federal government.
Participants will give it their best to alter server security, steal data and influence votes. So far more than 1,000 participants are registered from Switzerland, (30%), France (17%), the United States (5%), Germany (5%) and Canada (4%), according to Security Week.
Online voting trials have been ongoing since 2004, but Swiss Post has finally released an e-voting system that can be 100% tested for bugs to ensure “that systematic malfunction resulting from software errors, human error or attempted manipulation is detected. In accordance with the requirements of federal law, the system must be certified before first use and the source code must be disclosed.”
Software penetration testing to search for hidden system vulnerabilities has been widely adopted by organizations and government agencies worldwide, including the Pentagon and the US army, to strengthen national security.