We have partnered with Amadeus to facilitate your ticket booking and purchase.
Amadeus takes security very seriously and works hard to protect customer data. We are constantly striving for improvement and work to protect your data in a safe, secure and high-availability manner consistent with industry standards and best practice.
Amadeus provides each user with a unique user name and password - and enables customers to choose security level activation on the products they use, such as activating two factor authentication, data transport encryption, and secure inter-office access as needed to provide flexibility for the global footprint of our valued customers.
Amadeus uses firewalls and other advanced security technologies to prevent interference or access from unintended intruders.
Security researchers seeking information on how to report security vulnerabilities should review our policy below.
Vulnerability Reporting Policy
Amadeus appreciates the valuable role independent security researchers play in Internet security today. Keeping our customer’s data secure is our highest priority and we encourage the responsible reporting of any vulnerability that may be found. By responsible disclosure Amadeus expects to be provided information about potential security discoveries in a private and confidential manner such that it can be verified and responded to before being made public. Additionally, Amadeus pledges not to initiate legal action against security researchers as long as they adhere to below conditions.
Reporting a potential security vulnerability
* Security researchers should confidentially and responsibly disclose full details of a suspected vulnerability so Amadeus application and security teams may validate and reproduce the issue by sending an email to: firstname.lastname@example.org
Amadeus does not permit the following types of security research
* Exploitation of a potential vulnerability - only the reporting of potential vulnerabilities
* Causing or attempting a Denial of Service(DoS) or Distributed (DDoS) condition
* Causing or attempting to cause a service availability risk for production systems, applications or data
* Accessing or attempting to access data or information that does not belong to you or that you do not have authority to be accessing legally or contractually
* Destroying or corrupting, or attempting to destroy or corrupt application data, systems or network data or information that does not belong to you - or that you do not have legal or contractual authority to access
* Phishing or social engineering of Amadeus employees, affiliates, or Amadeus customers
* Running automated scanning tools
* Current customer or potential new customer security research on community systems
The Amadeus security team commitment
To all security researchers who follow the above policy, the Amadeus security team will make best efforts to:
* Respond in a timely manner, acknowledging receipt of your report
* Handle your report with strict confidentiality and not pass on personal details to third parties without your permission
* Amadeus may at some time in the future give recognition for the discoverer of vulnerabilities – unless the security researcher chooses to remain anonymous which will be respected
Amadeus does not compensate people for reporting security vulnerabilities. Any such requests for compensation either directly - or externally in vulnerability marketplaces - will be considered a violation of the above policy conditions. In such an event, Amadeus reserves all of its legal rights.