Report an online security breach

1. Overview

The security of the State of Geneva's web applications is our priority.

We recognize and appreciate contributions from third parties. This is why we give you the opportunity to actively participate in the protection of our
systems.

To facilitate this collaboration, we provide you with a form to report the detection of any security breach.

Disclosure Policy

  • Give us a reasonable amount of time to fix the vulnerability before making it public
  • Do not disclose information about the vulnerability to third parties until we have fixed the problem
     

For who

  • The community of cybersecurity specialists
  • Vigilant citizens

When

When a potential security breach is detected.

Terms

  • The vulnerability must concern a service of the Geneva cantonal administration (information system, web application, software, etc.)
  • Other flaws can be reported on the Confederation's website
     

2. How to report a vulnerability?

If you discover a vulnerability concerning the components of the information system of the State of Geneva, we strongly encourage you to report.

  1. Make sure that the vulnerability concerns a service of the Geneva cantonal administration (application, software, website, etc.)
  2. Complete the form below, providing the following information:
    1. A detailed description of the vulnerability
    2. Steps to reproduce the issue
    3. Any useful information about affected systems or configurations
    4. Your contact details for follow-up (optional)
  3. Within 3 working days you will receive an acknowledgment of receipt, with the estimated processing time

The State of Geneva undertakes to rigorously evaluate all reported vulnerabilities and to correct any problems as quickly as possible.

Please allow us a reasonable amount of time to fix the vulnerability before making it public or communicating it to third parties.