Skip to content

Publications and source code

As part of its cybersecurity strategy, Swiss Post focuses on the public review of applications and services. This is why it runs bug bounty programmes to reward hackers and cryptographers financially for their work of scrutinizing the system and uncovering any confirmed vulnerabilities. In 2021, Swiss Post published all the core, security-relevant components of its e-voting system, and launched its bug bounty programme for an indefinite period. This allows specialists from all over the world to analyse, scrutinize and test the system. Swiss Post continues to work on its e-voting system to ensure it is always protected against cyberattacks.

Publications and source code

Complete disclosure of the new e-voting system

In 2021, Swiss Post published its new, fully verifiable e-voting system in multiple stages as part of a community programme so that independent experts could test it. Swiss Post also launched a public bug bounty programme for e-voting for an indefinite period of time.

More information on the disclosure can be found on the e-voting community website.

The Federal Council has granted four cantons an initial licence for the e-voting trial operation. Swiss Post’s e-voting system will be used. The e-voting trial operation is authorized until May 2025 in the Cantons of Basel-Stadt, St. Gallen and Thurgau and until March 2026 in the Canton of Graubünden.

Public intrusion tests

Public intrusion test 2023

Ethical hackers could put the e-voting infrastructure to the test from 8 to 31 July 2023. Swiss Post pays rewards of up to 230000 euros for confirmed findings. All reports received are listed on the specialist platform GitLab.

Find out more

Public intrusion test 2022
Over four weeks from 8 August to 2 September 2022, Swiss Post conducted a public intrusion test, during which ethical hackers attempted to access the e-voting infrastructure. Around 3,400 people from around the world took part. For the first time, the ethical hackers were able to try out and target the vote casting process on the voting portal using sample voting cards. The participants were not able to “crack” the e-voting infrastructure and infiltrate it. The intrusion test is a recurring measure as part of the e-voting system checks as well as a legal requirement of the Swiss Confederation.

Swiss Post’s final report can be found here
Public intrusion test 2019
From 25 February to 24 March 2019, Swiss Post carried out a public intrusion test. IT specialists and hackers were invited to attack the system with the aim of finding and fixing vulnerabilities.

During the four-week stress test, around 3,200 international IT experts inflicted targeted attacks on the new e-voting system. After the completion of the intrusion test, there were no manipulated votes in the electronic ballot box. The hackers did not manage to infiltrate the e-voting system. Attempts at overloading the system through DDoS attacks were unsuccessful. The hackers submitted a total of 173 findings. The Federal Chancellery, cantons and Swiss Post confirmed 16 of them. They all come under the lowest classification level of “Best Practices”.

Swiss Post’s final report summarizes the results and findings of the intrusion test.

Swiss Post’s final report can be found here.

The Confederation’s final report can be found here.

Go to the previous system from 2019

E-Government contact We would be happy to advise you about e-voting.

  • 1001

    Write to us

    Send us your query
  • 2090


    Stay up to date

  • 8005

    Swiss Post on LinkedIn

    Visit us on LinkedIn
  • 3138

    Our address

    Post CH Communication Ltd
    Wankdorfallee 4
    3030 Bern