TX Group launches public bug bounty program for 20 Minuten
With the ground-up revision of the 20 Minuten online presence in spring 2020, security in the platform has been built-into by design. From technical design to go-live, cutting-edge security elements were built in to ensure the availability of the platform and the data and security of the readership at all times. In addition, some 850 hackers and security researchers (or "bug hunters") spent more than a year searching for security vulnerabilities as part of a closed bug bounty program. In such a program, payment is made per security flaw found. There's a "price on the head" of each flaw or bug – which is why it's described as a bug bounty program. For the success of this program, TX Group is building on its partnership with BugCrowd, one of the world's largest providers of bug bounty programs.
Raising the security level even further, TX Group is now making the program publicly accessible to all security researchers and hackers globally. «Our bug bounty programs have long been one of the most effective measures in our product security strategy. Offering this program publicly is the cherry on the pie regarding our efforts to build Switzerland's most secure news platform. With this step, TX Group is rising to be a trailblazer in the realm of Cybersecurity in Switzerland,» says Andreas Schneider, Group CISO of the TX Group.
As the news portal with the widest reach in Switzerland, 20 Minuten sets very high standards for the security and stability of its platforms. Marco Di Bernardo, CTO of 20 Minuten, explains: «Rather like boxers, we train every day with the world's best sparring partners. They relentlessly expose our weaknesses and show us where we need to improve. This gives us a natural resilience against many threats, and that's why the bug bounty program is one of the cornerstones of our strategy.»
Hacking into platforms is normally a criminal offense. A bug bounty program is ethical hacking, in which hackers deliberately penetrate systems and specifically search for vulnerabilities. However, because they abide by certain rules, they are not legally prosecuted. «Such programs not only improve our cybersecurity, but also create trust as well as transparency and thus make an important contribution to the digital transformation of TX Group," explains Schneider, adding, «20 Minuten is just the beginning. Still this year, we will make further bug bounty programs available to the public and thus further increase our digital trustworthiness.»