Vulnerability Disclosure Program
in1bank are committed to ensuring the security of our information, systems and services.
If you have discovered a security issue that you believe may affect the confidentiality, integrity or availability of our information, systems, or services, please submit a report to our security team using the process outlined below.
We treat all information regarding vulnerabilities as confidential and request that you do not publicly disclose, discuss or confirm the details of any suspected security issues.
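Security Vulnerability Reporting Program
in1bank is committed to ensuring the security of our information, systems and services.
If you discover any security issue that is suspicious or that may affect the confidentiality, integrity or availability of our information, systems or services, please submit a report to our security team following the process below.
All information about security vulnerabilities will be treated as confidential, and we ask that you refrain from publicly disclosing, discussing or confirming the details of any suspected security issue.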
In scope
in1bank mobile banking app (iOS)
in1bank mobile banking app (Android)
in1bank.com.au
Reporting scope
in1bank mobile banking app (Apple)
in1bank mobile banking app (Android)
in1bank website: in1bank.com.au
Out of scope
The following activities are strictly prohibited:
Any use of automated scanning tools
Any attempt to modify or destroy information
Any physical attempts against in1bank property
Any attempted denial of service (DoS)
Accessing or attempting to access accounts or information you are not authorised to access
Sending or attempting to send unsolicited or unauthorised email or other type of message
Conducting social engineering (including phishing) of in1bank employees, contractors, customers or any other related party
Posting, transmitting, uploading, linking to, sending or storing malware that could impact our services, products or customers
Exfiltration, disclosure or use of any proprietary or confidential information or data of in1bank (including customer data) under any circumstances
Any attacks using stolen or breached credentials
Any activity or attempt to gain unauthorised access to in1bank software or systems in violation of law.
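Out of scope
in1bank strictly prohibits the following activities:
Any use of automated scanning tools.
Any attempt to modify or destroy information.
Any physical attack on bank property.
Any attempted denial-of-service (DoS) attack.
Accessing or attempting to access any account or information without authorisation.
Sending or attempting to send any unsolicited or unauthorised email or other type of message.
Conducting social engineering attacks (including phishing attacks) against in1bank employees, contractors, customers or any other related party.
Posting, transmitting, uploading, linking to, sending or storing any malware that could affect in1bank services, products or customers.
Stealing, disclosing or using any proprietary or confidential information or data of in1bank (including customer data) under any circumstances.
Any attack using stolen or leaked credentials.
Any activity or attempt to gain unauthorised access to in1bank software or systems in violation of the law.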
How to report a vulnerability
You can report suspected vulnerabilities to the in1bank Security Team by emailing vulnerability@in1bank.com.au.
If you feel the email should be encrypted, our PGP key can be found below.
Download PGP key
To assist us in investigating your report, please include:
Affected product or service, including affected URL(s)
Your name and contact information (if you do not wish to provide your personal information, you may contact us anonymously)
Date and time when the suspected vulnerability was discovered
IP address used when suspected vulnerability was discovered
Steps to reproduce the vulnerability
Once we have received your disclosure report, you will receive confirmation from us within 24 hours.
We will use the disclosure information you provide to enhance the security of our systems.
We may also use the information in notifications to regulatory bodies, to comply with laws, and assist government or law enforcement agencies.
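How to report a security vulnerability
You can report any suspected security vulnerability to the in1bank security team by emailing vulnerability@in1bank.com.au.
If you wish to use encrypted email, our PGP key is available below:
Download PGP key
To help us investigate your report, please include the following information in your email:
Affected product or service, including affected URL(s)
Your name and contact details (if you do not wish to provide your personal information, you may contact us anonymously)
Date and time when the suspected vulnerability was discovered
IP address used when the suspected vulnerability was discovered
Steps to reproduce the vulnerability
Once we receive your report, you will receive confirmation from us within 24 hours.
We will use the information you provide to strengthen the security of our systems. In order to comply with the law and assist government or law enforcement agencies, we reserve the right to use the information you provide when notifying the relevant bodies.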