2025 Year in review

For GObugfree, 2025 was shaped by collaboration, community and sustainable security work, from ISO 27001 certification and GOhack25 to our ongoing engagement for SMEs.

Over the course of the year, collaboration repeatedly proved central to sustainable cybersecurity. Across different formats and initiatives, the focus was on sharing knowledge, taking responsibility and developing security together. Open exchange within the community played a key role throughout.

GBF-ISO-27001.png

ISO 27001: An important milestone

In October 2025, GObugfree achieved ISO 27001 certification. For us, this certification is not an end in itself, but a clear commitment to structured information security management, transparent processes and continuous improvement.

As a platform that handles sensitive security reports and enables exchange between organisations and ethical hackers, trust is essential. ISO 27001 helps us anchor that trust not just as a promise, but in a way that is measurable and verifiable.

GBF-Advisory-Board-Christoph-Lanter.png

Strengthening the Advisory Board

In 2025, Christoph Lanter joined GObugfree’s Advisory Board. An entrepreneur, board member and self-described connector, he brings valuable perspectives at the intersection of technology, entrepreneurship and communication. Together with existing board members Stefan Bürzle, Andreas Schneider, Matthias Jauslin and Ralph Hutter, he supports GObugfree in further developing cybersecurity approaches that are accessible, practical and relevant for SMEs.

gbf-gohack-edu-bb.png

GOhack25: Cybersecurity. Community. Collaboration.

In November, we hosted the third edition of GOhack, once again bringing together a symposium, EDU talks and a live bug bounty challenge. With a focus on the interaction between IT, IoT and OT, the symposium spanned topics ranging from how the world’s largest container ship approaches cybersecurity to insights into vulnerabilities in wireless bike gear systems and drones. New this year was a pre-session hosted by BDO: a hands-on crisis simulation that participants described as particularly valuable.

For the tech talks, we introduced an open call for speakers, bringing new voices and a range of high-quality sessions to the stage. The live bug bounty challenge was marked by strong engagement, new names on the leaderboard and intensive exchanges between ethical hackers and participating companies. GOhack remains a place for learning, exchange and a genuinely lived community.

gbf-2025-rueckblick-hack-for-good.png

Hack for Good: When security meets social impact

Hack for Good was once again an integral part of GOhack in 2025. For every confirmed vulnerability within the Hack for Good scopes on the RaiseNow and Koalect platforms, half of the bounties went to charitable projects benefiting Kindernothilfe Switzerland. The initiative highlighted how the ethical hacking community applies its expertise not only to strengthen security, but also to create social value.

gbf-2025-review-ctf.png

Learning, skills and community building

Cybersecurity thrives on exchange and shared learning. That is why learning and knowledge sharing play a central role at GObugfree. In 2025, we focused on these contributions through GOhack, GOlearn and ROESTI.

We started the year with a GOlearn webinar on incident and emergency planning, a topic that is particularly relevant for SMEs. The key takeaway was clear: emergency planning is not a theoretical compliance exercise, but a practical leadership responsibility.

ROESTI took place again in 2025, in partnership with SWITCH. Students came together for a day to test the systems of their respective educational institutions in a controlled setting. Formats like this show how hands-on learning, a sense of responsibility and a strong security culture can be meaningfully combined.

In addition, we ran several capture-the-flag (CTF) formats throughout 2025. These hands-on formats provided practical insights, encouraged exchange across different experience levels, and highlighted the value of learning by doing.

IMG_3013.jpeg

In dialogue with the community

We also contributed to professional exchange within the community, including as speakers and partners at external events. These included the inaugural Swiss Software Festival with its focus on Swiss-made software, conferences such as KYOS Konfluence, and joint initiatives like the Cyber Resilience Live Session. For us, exchange across organisational and industry boundaries is a core part of a vibrant cybersecurity community.

Cybersecurity as a strategic topic

In conversations with our customers in 2025, cybersecurity consistently emerged as a central topic and, for some organisations, an important differentiator. At the same time, there is no single “right” approach. Organisations use different methods and tools depending on their starting point, objectives and available resources.

Whether through targeted assessments, continuous programmes or an entry point check via attack surface analyses (ASA), what matters is that measures fit the current security maturity level and are implemented in a way that makes sense for the organisation’s situation. Cybersecurity is not a one-and-done activity, but an ongoing process that evolves alongside the business and its ever-changing environment.

gbf-blog-kmu-cybersecurity-check.png

Commitment to SMEs: The fully revised Cybersecurity Check

Together with partners like NCSC, ADSS and other organisations, we worked on a fully revised version of the SME Cybersecurity Check, which was published in December 2025. The goal is to enable SMEs to carry out a clear and realistic assessment of their current situation, with clear guidance and tangible value.

Looking ahead

2025 was shaped by shared responsibility, open exchange and a strong community. Thank you to our customers, partners and ethical hackers for your trust and collaboration. We’ll carry this momentum into 2026.

gbf-team-2025.png