Security
Security philosophy
While x15's ventures are working to revolutionise the way people use technology to bank and interact with their finances, central to our development philosophy is the mantra of "safe, sound, secure".
Security is a core focus of all our ventures, not something we sacrifice in order to develop at pace. We design security into everything we build, not consider it an after thought.
As well as working to minimise the risk of security issues impacting our ventures, we also have a robust security operations capability ready to respond in the event of an incident.
Team
The x15 security team is a growing group of dedicated engineers focused entirely on the security of x15 and its ventures. Our team's expertise spans product security, operations, incident response, and security testing. We work with ventures at all phases of development to ensure the highest level of security for our software, systems, and processes.
Collectively, the team has decades of experience working in financial services institutions, multi-national tech companies, government, and small business.
Software & system security
Within the x15 umbrella, we have a range of ventures developing software that incorporates commercial software products, open source projects, and our own proprietary code. We are working to implement a range of pro-active measures to ensure that our software and the systems hosting it are as secure as possible. This includes:
Training developers in security, with material tailored to the languages and platforms they use.
Automated security tests in the build and CI systems, such as static code analysis, software composition analysis, and secrets detection.
Penetration testing and source code auditing.
Vulnerability and patch management.
Security operations
In the event of a security vulnerability or incident, the x15 security team is ready to respond. Our Security Operations Centre (SOC) constantly monitors for indicators of compromise, and responds to reports of vulnerabilities and breaches.
We treat resolution of security vulnerabilities and incidents as a critical priority.
Security risk management & regulatory compliance
As our ventures operate in the sphere of financial technology, various regulations apply, from regulators including APRA and the ACCC. As part of a broader risk management framework, we ensure compliance of our ventures with relevant regulatory standards such as APRA CPS 234, the CORIE framework, and the Consumer Data Right.
Reporting security vulnerabilities
Please report any security issues you find in the websites, applications, or systems of any x15 venture to:prodsec@x15.com.au.
Anyone can send email to this address. It will be read by the x15 security team, who will co-ordinate resolution of any reported security issues in confidence.
© 2023 CBA New Digital Businesses Pty Ltd ABN 38 633 072 830 and Australian Credit Licence 516487, trading as x15ventures. x15ventures is a trade mark of CBA New Digital Businesses Pty Ltd. CBA New Digital Businesses Pty Ltd is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124. CBA New Digital Businesses Pty Ltd is not an Authorised Deposit-taking Institution for the purposes of the Banking Act 1959 and its obligations do not represent deposits or other liabilities of Commonwealth Bank of Australia. Please refer to the venture websites for specific venture-related disclosures and other important information. Read our Privacy Policy.
© 2023 CBA New Digital Businesses Pty Ltd ABN 38 633 072 830 and Australian Credit Licence 516487, trading as x15ventures. x15ventures is a trade mark of CBA New Digital Businesses Pty Ltd. CBA New Digital Businesses Pty Ltd is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124. CBA New Digital Businesses Pty Ltd is not an Authorised Deposit-taking Institution for the purposes of the Banking Act 1959 and its obligations do not represent deposits or other liabilities of Commonwealth Bank of Australia. Please refer to the venture websites for specific venture-related disclosures and other important information. Read our Privacy Policy.