Security

What security is like at x15ventures

Security philosophy

While x15's ventures are working to revolutionise the way people use technology to bank and interact with their finances, central to our development philosophy is the mantra of "safe, sound, secure".

Security is a core focus of all our ventures, not something we sacrifice in order to develop at pace. We design security into everything we build, not consider it an after thought.

As well as working to minimise the risk of security issues impacting our ventures, we also have a robust security operations capability ready to respond in the event of an incident.


Team

The x15 security team is a growing group of dedicated engineers focused entirely on the security of x15 and its ventures. Our team's expertise spans product security, operations, incident response, and security testing. We work with ventures at all phases of development to ensure the highest level of security for our software, systems, and processes.

Collectively, the team has decades of experience working in financial services institutions, multi-national tech companies, government, and small business.


Software & system security

Within the x15 umbrella, we have a range of ventures developing software that incorporates commercial software products, open source projects, and our own proprietary code. We are working to implement a range of pro-active measures to ensure that our software and the systems hosting it are as secure as possible. This includes:

  • Training developers in security, with material tailored to the languages and platforms they use.
  • Automated security tests in the build and CI systems, such as static code analysis, software composition analysis, and secrets detection.
  • Penetration testing and source code auditing.
  • Vulnerability and patch management.

Security operations

In the event of a security vulnerability or incident, the x15 security team is ready to respond. Our Security Operations Centre (SOC) constantly monitors for indicators of compromise, and responds to reports of vulnerabilities and breaches.

We treat resolution of security vulnerabilities and incidents as a critical priority.


Security risk management & regulatory compliance

As our ventures operate in the sphere of financial technology, various regulations apply, from regulators including APRA and the ACCC. As part of a broader risk management framework, we ensure compliance of our ventures with relevant regulatory standards such as APRA CPS 234, the CORIE framework, and the Consumer Data Right.


Reporting security vulnerabilities

Please report any security issues you find in the websites, applications, or systems of any x15 venture to: prodsec@x15.com.au.

Anyone can send email to this address. It will be read by the x15 security team, who will co-ordinate resolution of any reported security issues in confidence.