Reporting vulnerabilities to SBB.
SBB launched a bug bounty programme several years ago.
As part of this initiative, publicly accessible IT systems and applications, such as sbb.ch or swisspass.ch, are being tested internationally by ethical hackers to identify any potential vulnerabilities.
The main goal is to detect and eliminate vulnerabilities as quickly as possible, before they can be exploited by malicious actors. This analysis activity is carried out by ethical hackers who report the vulnerabilities identified, providing a detailed description via the Intigriti bug bounty platform (based in Belgium).
As a reward for their work, the ethical hackers receive a ‘bounty. This is a bonus, the amount of which depends on the criticality of the vulnerability identified. In view of the purely success-based payment and large number of ethical hackers who participate in the tests using different methods and experiences, the bug bounty programme is proving to be an extremely effective way to identify vulnerabilities.
Report a vulnerabilitiy via Intigri