We, Swisscom Ltd and our affiliated companies (hereinafter "Swisscom") aim to design and operate our products and services according to the highest security standards to keep our customers safe. To this end, we are continually improving our security on multiple levels. We are aware that, despite all efforts, absolute security is impossible, and we cannot completely rule out the existence of security bugs. The purpose of the Swisscom Vulnerability Disclosure Policy and Bug Bounty Programme is to support the reporting of potential vulnerabilities in our systems by external parties. Customers, users, researchers, partners and any other parties who interact with Swisscom's products and services are encouraged to report identified vulnerabilities to our security team under observance of our Responsible Disclosure Policy(opens in new tab). Moreover, we invite both private individuals and legal entities to participate in our Bug Bounty Programme(opens in new tab) in accordance with the Programme Rules(opens in new tab). Bounties may be awarded for reporting qualifying and in-scope vulnerabilities
"Special situations require special measures when it comes to security, protection and risk awareness.”
Head of Group Security
To take part in our Bug Bounty Programme, please register and submit your report directly on our portal(opens in new tab).
To report a security vulnerability to Swisscom or for any other enquiries regarding the Bug Bounty Programme, please contact us by e-mail:
|PGP key ID||350B4B73FA225C67|
|PGP fingerprint||28E7 E4D0 7ED7 9083 A93C 03B2 350B 4B73 FA22 5C67|
|PGP public key||Public key|
|Postal address||Swisscom (Switzerland) Ltd
Bug Bounty Programme
|Bug Bounty programme policy||https://github.com/swisscom/bugbounty(opens in new tab)|
Swisscom acknowledges the value of contributions from the security researcher community and highly appreciates the efforts made by the reporting party. We thank you in advance for your contribution!