Vulnerability Disclosure Program

At Transport Made Simple, we are committed to maintaining the stability of our software, and the security of the personal data that we store and process on behalf of our customers and colleagues.

As such, we frequently commission third-party security reviews, and proactively implement industry-standard best practices, in order to safeguard our systems, and the personal data stored within them, against cybersecurity threats.

Nevertheless, it would be irresponsible to operate on the basis that our software was impervious to cybersecurity vulnerabilities. So, as a part of our commitment, we operate a Vulnerability Disclosure Program, to reward the responsible disclosure of any issue found in our software, and to disincentivise anyone who discovers such an issue from turning to undesirable means for recompense.

Where a discloser is able to evidence an attack path which enables them to gain access to personal data which they should not be able to access, we offer a reward of £250 through the Vulnerability Disclosure Program. By claiming this reward the user agrees not to disclose, store, or otherwise use, any personal data that they have been able to access. All payments made through the Vulnerability Disclosure Program are done so on a strictly confidential basis.

Our Vulnerability Disclosure Program excludes:

Attacks based on phishing / social engineering
Attacks achieved through any illegal means
Attacks based on deliberately damaging actions (e.g. Denial of Service attacks), except where such attacks can be evidenced as having been discovered in such a way that is genuinely accidental

Disclosers are reminded that our operation of a Vulnerability Disclosure Program does not provide any permission or consent to access our systems in any way other than in the ordinary course of using such systems, and in line with prevailing legislation. We also draw attention to the provisions of the Computer Misuse Act 1990 (UK legislation), which disclosers should have regard to at all times.

To submit a claim under our Vulnerability Disclosure Program, please complete the form below.

First Name

Surname

Telephone Number

Please upload a copy of some official Government photo ID

Please upload evidence of the vulnerability you have identified

Please describe the vulnerability and provide further information to assist us in patching it

Please provide your bank details if you wish to claim the £250 reward under our Vulnerability Disclosure Program. Please note that all payments are made at the sole discretion of Central Connect Transport Limited, and you are responsible for declaring any payments to all relevant tax authorities, inlcluding HMRC in the UK.

Bank Account Name

Sort Code

Account Number

IBAN

Bank Account Country