In principle, any Swisscom-owned assets are intended to be within the scope of the Programme. This includes almost all networks, systems, applications, products or services for which Swisscom is accountable.
Likewise, assets from affiliated companies are also in scope if Swisscom Ltd owns more than 50% of the company shares. You can find a list of such participations in the current annual report under Group Companies. However, certain exceptions apply; for example, Fastweb SpA is explicitly out of scope.
Swisscom's customer systems or customer systems outsourced to Swisscom are explicitly out of scope.
A non-exhaustive list of assets is maintained here as an authoritative source of the programme scope. Participants must ensure to restrict their research and testing activities as defined in the in-scope and out-of-scope lists. Note that items in the out-of-scope list take precedence over the in-scope items. Testing on non-declared or out-of-scope assets will be viewed as a violation of the Programme Rules and any report on such will be disregarded. If a Swisscom asset is missing from the list, please contact the Bug Bounty team to validate and extend the scope accordingly.