Details

Code of conduct for reporting vulnerabilities in the security of NS

NS finds a safe services is important. Security plays an important role in developing and offering our services.*

Code of conduct on reporting security vulnerabilities

Despite all precautions and other efforts situations can arise where there is a vulnerable spot in our security: a vulnerability. Discovered a vulnerability in our systems? We are happy to work with you on a solution. Therefore, we ask you to share this information confidentially with us.

As long as you make the necessary efforts to further violations of privacy, prevent destruction of data and interruption or degradation of our service, we will take no action against your intrusion security. Unless we have a suspicion that you are not acting in good faith.

For abuse of a detected vulnerability by preventing others, we ask you to follow the action following a notification.

Code of Conduct for responsible disclosure

Send an e-mail to [email protected]. Hereby give sufficient information (for example, a detailed description including IP addresses, logs, approaches, screenshots, etc.) so that we can assess your report as possible.
Report vulnerabilities, or suspicion thereof, without this in any way publicly.
Once you have reported a vulnerability, we will answer within two working days to contact you. We will inform you about our findings of your report.
In consultation with you we will determine a reasonable recovery period and, if NS is in agreement, agree on a coordinated publication of the vulnerability. We call on you to do in any way abuse in the meantime the vulnerability.
If you wish to remain anonymous indicated, we will use any personal data from your report or save. You can also ensure that the message is anonymous, for example by using an anonymous mail service on the Internet or via the TOR network.

Should it appear that you do not adhere to the above conduct, then NS reserves the right to still take action against you.

Note: The hotline is not intended for any questions or complaints about the products and services provided by NS. For questions or complaints, you can contact Customer Service NS, accessible via www.ns.nl.
In this Policy for reporting vulnerabilities in the security of NS Dutch law

Code of conduct for reporting vulnerabilities in the security of NS

NS finds a safe services is important. Security plays an important role in developing and offering our services.*

Code of conduct on reporting security vulnerabilities

For abuse of a detected vulnerability by preventing others, we ask you to follow the action following a notification.

Code of Conduct for responsible disclosure

Send an e-mail to [email protected]. Hereby give sufficient information (for example, a detailed description including IP addresses, logs, approaches, screenshots, etc.) so that we can assess your report as possible.

Report vulnerabilities, or suspicion thereof, without this in any way publicly.

Once you have reported a vulnerability, we will answer within two working days to contact you. We will inform you about our findings of your report.

In consultation with you we will determine a reasonable recovery period and, if NS is in agreement, agree on a coordinated publication of the vulnerability. We call on you to do in any way abuse in the meantime the vulnerability.

If you wish to remain anonymous indicated, we will use any personal data from your report or save. You can also ensure that the message is anonymous, for example by using an anonymous mail service on the Internet or via the TOR network.

Should it appear that you do not adhere to the above conduct, then NS reserves the right to still take action against you.

Note: The hotline is not intended for any questions or complaints about the products and services provided by NS. For questions or complaints, you can contact Customer Service NS, accessible via www.ns.nl.

In this Policy for reporting vulnerabilities in the security of NS Dutch law