Skip to content

Overview

Testing by independent experts makes it possible to identify vulnerabilities and improve the e-voting system.

Below are some figures on the reports that have been received by Swiss Post since the start of the community programme in early 2021. Confirmed findings are categorized according to their severity.

 

 

Total reports

849

Findings of “critical” severity

 0

Findings of “high” severity

 6

Findings of “medium” severity

 37

Findings of “low” severity

 100

Findings classed as “informative”

 129

Total rewards paid out

  € 237 300

 

This information is regularly updated (current status 18.02.2026).


You can find an overview of all reports on GitLab.

In this blog you will find a description of all confirmed findings, the severity of which Swiss Post classifies as high or critical after an in-depth technical analysis.

Examine the e-voting system

How you can contribute

  • The preferred option is for you to report your findings to us via GitLabTarget not accessible, where you will find an overview of the various reports and can participate in discussions with our e-voting team and the community.
  • Alternatively, you can enter your report by encrypted e-mail (IncaMail) or an online form.
  • As part of its bug bounty programme, Swiss Post rewards anyone who reports a confirmed vulnerability. You can apply retroactively for a reward for confirmed reports submitted via GitLab, IncaMail or the online form by entering them additionally on the bug bounty platform or submitting them directly on YesWeHack.
  • Please read the Code of Conduct before you submit a report to us.

How we check reports

Reports are analysed in detail by our specialists and then help us to improve the e-voting system. We ensure that we check and respond to every finding quickly.

The process for reporting a finding is described below:

 

  • We check reports meticulously for completeness and, if necessary, ask for more information.
  • A ticket is then created and analysed by the relevant specialist.
  • The person who reports the finding receives notification that their report is being processed.
  • As soon as we have completed the analysis and can confirm a finding, it is classified as a “confirmed finding” and is published on GitLab.
  • The “confidential” field must be selected for all reports that are classified as “high” or “critical”. Such reports are processed confidentially. In these cases, “coordinated vulnerability disclosure” applies.
  • Every person who reports a finding is free to submit a report to Swiss Post confidentially, regardless of the degree of severity.

 

Please adhere to our Code of Conduct.

CVE programme

Swiss Post supports common vulnerabilities and exposures (CVE). For confirmed critical vulnerabilities, we welcome the submission of a CVE and support the person who submits the report.

How we reward reports

Swiss Post rewards only confirmed reports. Our rewards range from 100 to 230,000 euros, depending on the criticality of the vulnerability. The detailed rewards system can be found on YesWeHack.

To qualify for a reward, registration and identification on YesWeHack is required.

Other e-voting bug bounty programmes

In accordance with legal directives, all parts of the e-voting process, including those outside the Swiss Post e-voting system, will be checked. Other cantonal suppliers/partners run their own bug bounty programmes.

Find out more

This might also interest you

Eine Frau in Business-Kleidung sitzt auf einem orangenen Pouf in einem hellen Büro und tippt auf einem Tablet, mit Regalen und Pflanzen im Hintergrund – Symbol für benutzerfreundliches und sicheres E-Voting in der Schweiz.

Try out e-voting

Swiss Post provides a test platform where anyone interested can try out how electronic voting works.

Find out more
E-Voting-Laptop

E-Voting

With Swiss Post’s e-voting solution, eligible voters can participate in votes and elections online. A number of municipalities and cantons use this secure service.

Find out more
Beautiful woman sitting on the sofa with a laptop

Contact and advice

Submit your enquiry with ease using the form. Our experts will reply to you quickly to arrange a personal consultation.

Get advice now