Tamedia opens Bug Bounty program for all security experts and ethical hackers
Tamedia’s media were the target of a major cyberattack back in November and December 2020. These attacks aimed to affect the availability of computer systems, networks and websites. It was a massive attack, but thanks to extensive protection measures, the effects for readers in Switzerland were relatively minor.
In addition to major attacks, smaller attacks take place regularly against Tamedia’s newspapers and other offerings of the TX Group. “We constantly invest in security measures which particularly paid dividends during cyber attacks. We include security in our digital offerings from the very outset, and this includes DDoS protection. We are now even going so far that we pay hackers for finding vulnerabilities in our offerings using our Bug Bounty program”, says Andreas Schneider, Chief Information Security Officer at TX Group.
In addition to protection measures for individual devices, applications and networks, a Bug Bounty program has also been part of Tamedia’s and the TX Group’s activities for some considerable time. Over 1000 security experts and hackers have taken part in the program up to now by invitation: “By opening up the program, we hope to increase the number of participants significantly. The aim is to find vulnerabilities on Tamedia’s news sites, apps and backend systems, which would enable an attacker to overload the systems, access data or add harmful codes to the systems”, adds Reto Matter, Chief Technology Officer at Tamedia.
The program pays a reward for every security vulnerability found. Tamedia and TX Group are building on their partnership with BugCrowd, one of the largest providers of Bug Bounty programs. “Our Bug Bounty programs have been among the most effective measures in our product security strategy for some considerable time. Offering this program publicly is the crowning glory of our efforts to build the most secure news platform in Switzerland”, says Andreas Schneider, and continues: “We use the findings from our Bug Bounty programs to train our developers. That enables us to eliminate vulnerabilities before they occur.”
Hacking platforms is normally a crime. However, a Bug Bounty program involves ethical hacking in which hackers deliberately attempt to get into systems and search for vulnerabilities. As they have to observe certain rules, this does not constitute criminal activity.