The Swiss Federal Railways (SBB) operates one of the most complex and digitally integrated transportation systems in Europe. Our infrastructure spans mission-critical systems including real-time scheduling, ticketing, passenger and freight information. These systems are supported by a diverse set of platforms, APIs, mobile and web applications, and cloud-native services.
To ensure the resilience and integrity of our digital ecosystem, we are operating a Bug Bounty program aimed at identifying and mitigating security vulnerabilities before they can be exploited. We invite ethical hackers and security researchers to rigorously test our systems within a defined scope and under responsible disclosure guidelines.
Program Objectives:
Identify vulnerabilities that could compromise the confidentiality, integrity, or availability of SBB systems or customer data.
Validate the robustness of authentication, authorization, and session management mechanisms.
Detect insecure configurations, exposed services, or flawed implementations in APIs, web/mobile apps, and backend systems.
Strengthen the security posture of our cloud infrastructure.
Why Participate?
Contribute to the security of critical Swiss infrastructure
Collaborate with a transparent and responsive security team
Receive recognition and monetary rewards based on impact and severity