Developers often use the open-source software Git to manage and version software source code. These kinds of Git directories not only contain the full source code, including previous versions, but potentially also sensitive, confidential data such as passwords. Git directories with inadequate protection harbour a significant risk, even in Switzerland.
After being notified of this vulnerability by an external body in summer 2022, the National Cyber Security Centre (NCSC) carried out a survey of .ch domain names and found a large number of .git folders to be insufficiently protected.
The NCSC’s tasks include acting on behalf of the Swiss Confederation in the field of vulnerability management. In this case, the organisation informed all holders of the affected .ch domain names. On behalf of the Federal Office of Communications, SWITCH is always involved if users are at risk due to .ch domain names. SWITCH supports the NCSC’s measures to make the internet in Switzerland safer for everyone.