Improving Security Maturity with Bug Bounties

The development in IT causes systems to constantly increase in size and complexity. This leads to great problems for security teams as new attack vectors keep surfacing constantly. Building up the necessary know-how to prevent potential attacks is challenging with the limited size of internal resources.

To counteract this, Swiss Post pursues the goal of using participative security to utilize the know-how of internal and external security communities to continually improve our products.

One of these measures are bug bounty programs. With the help of bug bounties, we were able to see an overall improvement of the maturity of Swiss Posts online services over the last years.

In this talk I will show how we at Swiss Post manage our bug bounties, what we learned from our beginnings and where we are standing today.