News

NTC launches Vulnerability Hub

Written by Team NTC | Jun 27, 2024 10:46:23 AM

NTC launches Vulnerability Hub to make cyber vulnerabilities identified by NTC visible

The National Test Institute for Cybersecurity NTC conducts cybersecurity testing of networked infrastructures, devices and applications that are critical to society and the economy.

From now on, vulnerabilities found by NTC will be documented on the NTC Vulnerability Hub.

Months often elapse between the time a vulnerability is detected and the time it is fixed and ready for publication. The Vulnerability Hub therefore contains only a selection of the NTC’s ongoing work.

There are currently over 80 documented vulnerabilities in the NTC Vulnerability Hub, including:

  • Swiss electric mobility charging infrastructure
  • Open source software, often developed by individuals or small organizations and rarely adequately tested
  • Healthcare applications that process sensitive patient data and are not adequately tested due to limited resources and lack of incentives

When publishing, care is taken to ensure that only as much information as necessary is disclosed. A transparent process is adhered to:

  • Private disclosure: confidential notification to the vendor
  • Patch adoption: remediation of the vulnerability
  • Public disclosure: publication on the NTC Vulnerability Hub

Typically, the Vulnerability Hub contains a description of the vulnerability identified, an assessment of the potential impact on affected systems, and information on workarounds or updates designed to mitigate or resolve the problem. The NTC Vulnerability Hub is publicly available and provided free of charge.

As a not-for-profit association, the NTC acts on its own initiative to test digital systems that are not adequately tested in Switzerland, whether due to a lack of incentives or legal obligations. Where strict independence and neutrality are required, the NTC also conducts cybersecurity testing on behalf of operators of critical infrastructure and authorities. 

The NTC contributes to Switzerland’s security and digital sovereignty by proactively identifying critical vulnerabilities and supporting their removal.