BANK OF SINGAPORE Vulnerability Disclosure Policy

BANK OF SINGAPORE is committed to ensuring the security of our customers’ data and the reliability of our products and services. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and its reporting.

Restricted Actions

This section lists actions that are not authorized. Performing any of them will constitute a violation of this policy:

  • Breach of any applicable laws in connection to and leading up to your report.
  • Denial of Service (DoS) or other actions that degrade, damage, or interrupt BANK OF SINGAPORE services.
  • Exploitation of any vulnerabilities found.
  • Social engineering, spamming, phishing, denial-of-service or resource-exhaustion attacks.
  • Testing physical security of any property, building, plant, or factory of BANK OF SINGAPORE.
  • Leak/modify/destroy/misuse/abuse any user data or system files.


BANK OF SINGAPORE highly appreciates the efforts made by the reporting party in identifying the vulnerability or error. Reporting of such vulnerabilities and errors will contribute to improving the security and reliability of our product and services.

The preferred method for contacting BANK OF SINGAPORE regarding security vulnerabilities is by using the form present on this page.

By submitting a report, you expressly agree to the following terms and undertake that:

  • You assign all use and ownership rights of the report to BANK OF SINGAPORE.
  • Your actions and interactions with BANK OF SINGAPORE leading up to the report is not in violation of any applicable laws.
  • You have no intention of harming BANK OF SINGAPORE, its customers, employees, partners, vendors or suppliers.
  • You agree to not disclose any information about the report and vulnerability described within, and the fact that you submitted a report to BANK OF SINGAPORE.
  • You agree that the report is made out of goodwill, and is done without any expectations of rewards, monetary or otherwise, from BANK OF SINGAPORE.

Contact Information

Supplying your contact information with your report is entirely voluntary and at your discretion. This does not guarantee that you will receive any responses from BANK OF SINGAPORE regarding your report. BANK OF SINGAPORE may contact you regarding the contents of the report at its own discretion.

Otherwise, BANK OF SINGAPORE will process your contact information in accordance with BANK OF SINGAPORE’s Data Protection Policy. By filling in and sending your contact information to BANK OF SINGAPORE, you agree for your contact information to be processed in accordance with BANK OF SINGAPORE’s Data Protection Policy.

Report a vulnerability