Bug Bounty – reporting vulnerabilities to SBB.

The Bug Bounty programme aims to quickly identify and eliminate potential vulnerabilities in publicly accessible IT systems and applications such as sbb.ch, swisspass.ch, or SBB Mobile.

SBB receives reports of vulnerabilities in its IT systems via its Bug Bounty programme.

Security has top priority.

The analysis is carried out by ethical hackers worldwide, who strictly adhere to the "Safe Harbour" agreement and report the vulnerabilities they find, with a detailed description, via the Intigriti Bug Bounty platform (based in Belgium).

As a reward for their work, the ethical hackers receive a bonus, the amount of which depends on the criticality of the vulnerability discovered. Because payment is purely success-based and a large number of ethical hackers take part in the tests, each bringing different methods and experience, the Bug Bounty programme is proving to be an extremely effective way to identify vulnerabilities.

Contact in exceptional cases.

Regular reports are made exclusively via the Bug Bounty platform to ensure efficient and timely processing. In urgent exceptional cases, contact SBB by e-mail: securityissues@sbb.ch.
