Switzerland opens Swiyu bug bounty program to public

Switzerland has opened the bug bounty program for its upcoming digital identity wallet Swiyu to the public.

The bug bounty program has been run since July 2025 by the Federal Office for Cyber Security (BACS) in collaboration with security testing platform Bug Bounty Switzerland. Until now, the program has been run in private mode, meaning that only selected hackers could participate.

So far, 12 vulnerabilities have been identified, with results published on GitHub each quarter.

By opening the program to other hackers, the Swiss government wants to strengthen trust in the e-ID and the Swiyu trust infrastructure, according to its announcement.

The main focus areas for the testing include the Swiyu Public Beta trust infrastructure with Android and iOS apps, generic components and registries, as well as the implementation of open standards such as Verifiable Credentials, Decentralized Identifiers and OpenID for the issuance and verification of digital credentials. Applications are available at this link.

The Swiyu app is already available to citizens as a beta version, with plans to become a full-scale testing environment later in the year. The digital ID wallet stores users’ national eIDs while allowing them to control their data.

​The technical implementation plan was formed in 2024 by the Swiss government, which has allocated 100 million francs (US$113.3 million) for the project.

Article Topics

bug bounty  |  digital ID  |  digital wallets  |  e-ID  |  Switzerland  |  SWIYU