National Australia Bank (NAB) Launches Bug Bounty Program

In the wake of ever-increasing cybersecurity threats to the financial sector, an Australian bank has announced a much-needed step. Specifically, the National Australia Bank (NAB) has announced the launch of a bug bounty program. The bank has joined hands with Bugcrowd to set up the program.

NAB Bug Bounty Program on Bugcrowd

As announced recently, NAB has introduced a bug bounty program on Bugcrowd. Sharing the details in a press release, NAB called this step a “first of its kind in Australian banking”.

According to Nick McKenzie, Executive Enterprise Security at NAB, this “controlled crowdsourcing” will help the bank to strengthen its security.

Diversity is a critical yet often overlooked factor in security and controls strategies. Moving to a ‘paid bounty’ gives us the ability to attract a wider pool of ethically-trained security researchers from across the globe.

Launched on Bugcrowd, the program will aim at “Elite Trust Score” individuals on the platform, rewarding them for disclosing previously unknown vulnerabilities.

Commenting about this step, Ashish Gupta, CEO, Bugcrowd, said,

In addition to being one of the first in Australian banking to use the power of a crowdsourced security model, NAB has deployed an impressive layered security approach that is now complemented by Bugcrowd’s crowd of security researchers and platform which assists in finding security vulnerabilities faster and gather actionable insights to increase their resistance to cyber-attacks.

NAB has further clarified that the activities under this program won’t affect the customers’ banking experience. Nor will the researchers have any access to the customers’ data.

NAB has previously implemented a Responsible Disclosure Program via Bugcrowd. Under this program that started off in May 2018, NAB attended the bug reports but didn’t offer any monetary rewards to the researchers.

However, with a dedicated bug bounty program now, it seems NAB will also offer remunerations to the researchers’ community.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients