Security disclosures for professionals
Security Disclosure Policy
The Royal Bank of Scotland’s dedicated team of security professionals work vigilantly to help keep customer information secure, and we recognise the important role that security researchers and our customers also play
Security Disclosure Submission Terms
We run an amnesty for security researchers who, in good faith, identify vulnerabilities our online systems.
A Security Disclosure is something you want to tell us about which impacts the confidentiality, integrity, or availability of bank or customer data or systems.
If you have identified a potential vulnerability you can email us after reading the Security Disclosure Submission Terms, which contain all the information you need to be aware of before making a submission.
If you discover or submit a vulnerability you should:
Not break any laws.
Make the Security Disclosure voluntarily
Be aged 16 or over, unless you have a Parent or Guardian’s permission.
Staff or their family members should follow the published internal process.
We may change this Security Disclosure Policy and the Security Disclosure Policy Terms from time to time. We may also cancel them and our Security Disclosure programme at any time. We’ll let you know on this page if we do this.