Announcement: Threema now relies on the Swiss bug bounty platform from GObugfree and makes its messenger app even more secure

The maker of the popular secure Swiss messenger, Threema GmbH, is now partnering with GObugfree to secure its products, Threema and Threema Work. With the relaunch of its public bug bounty programme on GObugfree's SaaS platform, Threema invites trusted friendly hackers and experienced IT security experts to thoroughly test its open source products.

Threema GmbH and GObugfree AG today jointly announced the relaunch of Threema's public bug bounty programme on GObugfree's Swiss SaaS platform. Threema GmbH's goal is to further improve the security of its apps Threema and Threema Work by collaborating with the community of friendly hackers and experienced security experts through a public bug bounty programme. The Swiss messenger service, which previously operated its own bug bounty programme as one of the pioneering companies in Switzerland, is now entrusting Zurich-based IT security startup GObugfree with the implementation and execution of the programme. By relaunching the programme on the Swiss SaaS platform and working closely with the GObugfree community of trusted, ethical hackers and independent IT security experts around the open-source apps, Threema aims to uncover any vulnerabilities that are currently still hidden, increase security and strengthen the trust of its clientele, because security and privacy protection are Threema's top priorities.

Increased risk of cyberattacks requires a secure messenger service

The risk of cyberattacks has increased again during the last years of the pandemic. According to the Allianz Risk Barometer, cyber incidents are the No. 1 business risk, and they are becoming more widespread and costly. A large proportion of companies see data fraud and ransomware attacks as the biggest threat, and a third of Swiss SMEs have already been the victim of an attack. With the increase in the risk of cyberattacks, the need for companies to have a secure communication channel is once again growing. Threema GmbH has recognised this need and offers its B2B customers and their employees a secure communication channel that ensures data security as well as business continuity even in times of crisis. Now the messenger service wants to further strengthen the trust of its customers. With the relaunch of its public bug bounty programme, it shows that it has nothing to hide when it comes to security and that the know-how of the GObugfree hacker community ideally complements the regular, systematically conducted security checks.

Threema sets the bar high for bug bounty triage and validation

Running a bug bounty programme on your own is difficult and time-consuming for organisations. Hundreds of vulnerability reports need to be sifted through and responded to as needed, prioritising the impact and determining the value of the vulnerability. Then, the vulnerability fix must be secured and payment to researchers triggered. Companies hardly have the time or resources to sift through and review incoming vulnerability reports from external researchers. Threema GmbH has therefore decided to outsource its bug bounty programme and thus also the described triage and validation process to GObugfree's platform, because GObugfree has offered its customers comprehensive bug bounty support and service since day one.

«We are delighted that Threema GmbH - a company whose focus is on security and privacy - has chosen our platform to make their services even more secure,» says Christina Kistler, CCO of GObugfree. «The fact that a security-focused company like Threema chooses our bug bounty platform shows the added value of not only providing a platform, but also offering comprehensive management, including technical review and escalation of valid vulnerability reports by experts. In addition, our team facilitates communication with the friendly hacker community.»
