This is the Bank of England Security Vulnerability Disclosure Policy.
We recommend reading this disclosure policy fully before you report any vulnerabilities. This helps ensure that you understand the policy, and act in compliance with it.
We actively endorse and support working with the research and security practitioner community to improve our online security.
We are committed to:
- investigating and resolving security issues in our platform and services thoroughly
- working in collaboration with the security community
- responding promptly and actively
This page explains how the Bank of England works with the security research community to improve our online security.
Please note that this page does not provide any form of indemnity for any actions if they are either in breach of the law or of this policy. It does not provide an indemnity from the Bank of England or any third party.
This page was last updated on 2 December 2020.