Responsible disclosure

Working together for a more secure Internet

HTM reiziger met hond in HTM tram

Found a security problem in our systems?

Please report your findings to HTM.

At HTM, the security of our systems is very important to us. Although we are committed to the security of our systems, it is possible that a vulnerability may still be discovered.

If you have found a vulnerability in one of our systems, we would like to hear about it. That way we can take quick action to better protect our customers and systems. Let's work together for a safer Internet!

Found vulnerability?

Help us as follows:

  • Send your findings to security@htm.nl. Encrypt your findings with our PGP key to prevent the information from falling into the wrong hands. We also handle reports that are not encrypted.
  • Provide enough information to reproduce the vulnerability, such as the IP address or URL of the affected system and a description of the vulnerability.
  • Do not abuse the vulnerability beyond what is necessary to demonstrate it. This means, for example, no excessive data downloading or viewing, deletion or modification of third-party data.
  • Do not share the vulnerability with others until it is resolved.
  • Delete all confidential data obtained through the vulnerability immediately after it is resolved.
  • Do not use physical security attacks, social engineering, distributed denial of service, spam or third-party applications.

Tip: If you like, we will induct you as a reporter into our Hall of Fame. This can also be done under a pseudonym or alias!

Our policy on a vulnerability notification

Mail confirmation

We will send you a confirmation of your e-mail within 5 days

Progress Update

We will keep you informed of the progress in solving the problem

Legal action

If you abide by the terms, we will not take legal action against you for reporting

Credits

In any newscoverage of the reported problem, we will include your name or pseudonym as the discoverer, if desired.

Complexity and costs

If a vulnerability is unresolvable or difficult to fix, or if it involves high costs, HTM may decide not to fix the vulnerability.

Updates

This page was last updated on May 13, 2024.

HTM bus en Aveniotram op het Spui (mei 2023)

HTM's Hall of Fame

Discover the place of honor for our security heroes