Vulnerability Disclosure Policy


At Trust Bank Singapore Limited, we are committed to ensuring the security of our data and that of our customers. While we aim to ensure that our services reflect this, we also recognise that given the complex and evolving environment in which we operate, security vulnerabilities may be present in our services. Despite our best efforts, these vulnerabilities may first be identified by security experts in the community. Any users, security experts, partners, or any other persons, who interact with our services are encouraged to report any actual or potential security vulnerabilities identified in our services (Vulnerability Report). This policy sets out our approach to receiving Vulnerability Reports. It includes details on how you can submit a Vulnerability Report, how we aim to respond to your Vulnerability Report, and our expectations as you interact with our services.

How to submit a Vulnerability Report ✍

If you believe you have identified an actual or potential security vulnerability in our services, we encourage you to notify us by using the process below. Before doing so please make sure you have reviewed this policy in its entirety. By submitting a Vulnerability Report to us, you confirm that you agree to all the terms set out in this policy.

Your undertakings

In undertaking any activity in relation to a Vulnerability Report, including in relation to any activity undertaken by you in identifying any vulnerability and the creation and provision of a Vulnerability Report, you acknowledge that you must not:
  • Harm or have the intention of harming us or our customers, employees, partners or suppliers.
  • Target the accounts or services, or attempt to access the data, of anyone other than yourself.
  • Breach, or otherwise conduct yourself in any way not in accordance with, any applicable laws and regulations.
  • Engage in or conduct social engineering, spamming, phishing, automated scanning, denial of service or other resource exhaustion attacks, or any other action that degrades, damages, or interrupts our services.
  • Exploit any vulnerabilities identified in any manner, including by:
    • Exfiltrating or attempting to exfiltrate any data.
    • Misusing, copying, deleting, modifying or otherwise manipulating any data, programmes or systems.
    • Access or change, or attempt to access or change, the services or data of any other individual.
    • Compromising the personal data of any other individual.
    • Share, or otherwise facilitate for others, system access.
  • Test or attempt to test the physical security of any of our properties.
  • Run automated scanning.
  • Scan the infrastructure of any of our host providers.
  • Disclose the details of any actual or suspected vulnerability or any Vulnerability Report, including any information related to a Vulnerability Report and the fact that you have submitted a Vulnerability Report to us, to any third party. You understand and agree that:
  • We may use your Vulnerability Report for any purpose deemed relevant by us, including the correction of any identified vulnerabilities that we determine in our sole discretion to exist and require correction.
  • Providing a Vulnerability Report to us and the undertaking any actions associated with such Vulnerability Report does not grant you a right to any intellectual property owned by us or any third party.
  • The Vulnerability Report and any improvements, remediation, or similar proposed by you in relation to our services (Improvements) are owned by us, and you assign all intellectual property rights in the Vulnerability Report and any Improvements to us immediately on creation.
  • Any Vulnerability Report is provided by you without expectation or requirement of any reward or benefit and without expectation that any vulnerability identified will be corrected by us.
  • We will not be liable for any expense, damage, or loss of any kind which you may incur in relation to any Vulnerability Report.
  • We will not provide any protection or immunity from civil or criminal liability (if any) under applicable laws and regulations.
  • We do not assume any responsibility for the contents of any Vulnerability Report submitted by you.
  • Our acknowledgement of any Vulnerability Report does not represent our endorsement of its contents.
  • We are not obliged to consult with you about any public statement we may elect in our sole discretion to release in relation to a Vulnerability Report submitted by you.
  • Nothing in this policy creates an agency, partnership, association, joint venture or similar relationship between you and us.

Privacy 🔒

We only keep limited personal details about you, such as your name (where you give it to us), your email ID and the contents of your disclosure. We keep these details in accordance with our Privacy notice for non-customers, available on our website.

Next steps ⏫

Upon receipt of your Vulnerability Report we may use the information provided to address the identified vulnerabilities. We may also seek to get in touch with you to clarify any details of your Vulnerability Report if necessary. However, we do not guarantee that you will receive a response from us.Last updated on: 1 September 2022, Version: 1.0Submit a vulnerability