Responsible disclosure of security bugs

Security has the highest priority at FlixBus and we are continuously working to provide secure products. While we do our best to deliver secure code, mistakes happen.

Should you find a security bug in one of our products, please report it to us as soon as possible. This way, we can further improve the security and reliability of FlixBus.
 

How to report a security bug

If you discover a security bug, please report it to responsible-disclosure@flixbus.com.

In your bug report, please include the following information:


The kind of vulnerability or bug it you have found.

  • How can the vulnerability be reproduced? The more technical details the better.
  • What is the impact/risk?
  • What is the suggested fix?
     

Please note that we currently don’t offer bug bounties, or others forms of compensation, for reported vulnerabilities. We are also unable to publicly give credit to those submitting security bugs, or provide updates on the status of submitted bug reports.