SIX connects financial market participants in Switzerland, Spain, and around the world. We are owned by more than 120 national and international financial institutions. They are the main users of the infrastructure, and are the most important clients.

SIX is a high-reliability organization and is committed to continuous improvement. The self-driven optimization of existing processes and preparations and the invention of new ones in order to adapt in an ever-changing environment are prerequisites for success, not only in the field of Business Continuity Management.

SIX takes responsibility:

  • for compliance with a number of standards and financial regulations
  • for implementation of Privacy by Design
  • for guaranteeing a secure and private financial market infrastructure and operation
  • for ensuring the identification and evaluation of technology risks
  • for implementation of leading cyber security solutions to avoid cyber-attacks, minimize their impact and prevent the failure of key systems

SIX is subject to the supervision of several regulatory bodies and aims to run its business services fully compliant to the corresponding requirements.

Vulnerability Disclosure Program

The threat of cyberattacks is a major risk and one that SIX takes very seriously. With strict security guidelines and a strong cyber-defense, we protect assets such as data centers, confidential information and our property as well as that of third parties.

The collaboration with security researchers is an additional valued measure to identify and mitigate existing vulnerabilities in a timely manner.

If you have found a vulnerability, please contact us using the form below or directly through our BugBounty program at HackerOne.

Notes on how to report vulnerabilities:

  • Please refer to our policy on reporting and publishing vulnerabilities and our response times.
  • Please submit your report in English or German, if possible.
  • Please specify to which website or area you are referring (Asset) and which vulnerability type (Weakness) it is.
  • So that we can understand your report quickly and efficiently, please include a proof of concept and a detailed description.
  • Please give us time to develop and roll out countermeasures, before you make technical details public (Responsible Disclosure).

Security is important at SIX. We handle risks with great focus and care. One of the main (cyber) risks is to think they don’t exist.

Thomas Koch, Chief Security Officer