Big four bank NAB has launched the first bug bounty program for Australian banking in a partnership with crowd-sourced security company Bugcrowd.
NAB will reward vetted security researchers who uncover previously undisclosed vulnerabilities in the bank’s tech environment.
But to take part, you must have an ‘Elite Trust Score’ on the Bugcrowd platform.
San Francisco-based Bugcrowd was founded by expat Sydneysider Casey Ellis, who launched the first crowd-sourced bug bounty programs on the platform in 2012.
NAB Executive Enterprise Security, Nick McKenzie said using controlled crowdsourcing methods would help NAB to further test and strengthen its existing cybersecurity capabilities.
“Controlled, crowdsourced cybersecurity brings together uniquely skilled testers and security researchers with fresh perspectives to uncover vulnerabilities in our defences that traditional assessment might have missed,” he said
“Diversity is a critical yet often overlooked factor in security and controls strategies. Moving to a ‘paid bounty’ gives us the ability to attract a wider pool of ethically-trained security researchers from across the globe.”
While the researchers will work in live environments, they won’t have access to any customer information.
Bugcrowd CEO Ashish Gupta said NAB’s layered security approach will be complemented by Bugcrowd’s security researchers and platform to find security vulnerabilities faster and help increase the bank’s resistance to cyber-attacks.