Responsible disclosure statement

Effective 31 May 2018 until further notice.

We take the security of our systems seriously, and we value the security community. The responsible disclosure of security vulnerabilities helps us ensure the security and privacy of HICAPS and our customers.

If you believe you have found a security vulnerability with any of our services, we would like you to let us know right away via our Responsible Disclosure Program.

Neither NAB, nor HICAPS as a subsidiary of NAB, condones any malicious or illegal behaviour in the identification and reporting of security vulnerabilities.

Our Responsible Disclosure Program is managed by Bugcrowd. To see the terms of the program, and to report a security vulnerability, please refer to

Please note all disclosures must be made via Bugcrowd, not directly to HICAPS.