CartControl panel

Security

TransIP Responsible disclosure policy

Security is a core priority at TransIP. We highly value the work of ethical hackers and security researchers who help us protect our systems and our users. If you’ve discovered a potential vulnerability, we would love to hear about it through the Intigriti platform 

Important: We only accept vulnerability submissions via our Intigriti bug bounty program. Reports sent via email or other means will not be eligible for a bounty. 

Why Intigriti?

Using Intigriti benefits both sides: 

  • A secure and trusted platform for disclosure of vulnerabilities. 
  • Structured communication and feedback. 
  • Bounty rewards for accepted reports and easy payout. 
  • Optional anonymity for researchers. 

By centralizing our vulnerability handling with Intigriti, we ensure a smooth, fair, and secure process for everyone involved.

Guidelines

We ask all researchers to follow these basic rules: 

  • Do not exploit vulnerabilities beyond what is necessary for proof-of-concept. 
  • Avoid impacting user data or privacy. 
  • No social engineering or physical testing. 
  • Keep your findings confidential until we’ve had a chance to fix the issue. 

If you play by the rules, we commit to: 

  • Reviewing your report promptly. 
  • Keeping you informed about progress. 
  • Rewarding you when appropriate. 
  • Never taking legal action against responsible researchers.

Scope

You can find the current scope and testing guidelines directly on our Intigriti page.

How to report a security vulnerability?

We’ve partnered with Intigriti, a trusted bug bounty platform, to handle all responsible disclosure submissions. Our program is private, so you’ll need to be invited before you can submit a report. 

To request access:

  • Create an account with Intigriti.
  • Email us your Intigriti username at security@nl.team.blue. 

Once invited, you’ll be able to access our Intigriti program, where you’ll find:

  • A detailed list of in-scope and out-of-scope systems 
  • Rules of engagement for security testing 
  • Submission guidelines 
  • Potential rewards for eligible findings