Responsible Disclosures

Security disclosures
for professionals

Security Disclosure Policy

The Royal Bank of Scotland’s dedicated team of security professionals work vigilantly to help keep customer information secure, and we recognise the important role that security researchers and our customers also play

Security Disclosure Submission Terms

We run an amnesty for security researchers who, in good faith, identify vulnerabilities our online systems.

A Security Disclosure is something you want to tell us about which impacts the confidentiality, integrity, or availability of bank or customer data or systems.

If you have identified a potential vulnerability you can email us after reading the Security Disclosure Submission Terms, which contain all the information you need to be aware of before making a submission. 

If you discover or submit a vulnerability you should:

Not break any laws.

Make the Security Disclosure voluntarily

Be aged 16 or over, unless you have a Parent or Guardian’s permission.

Staff or their family members should follow the published internal process.

Important information

Something else we can help you with?