Security

Our security philosophy

At x15ventures, we’re working hard to build and scale the next generation of digital businesses to benefit CommBank’s 15 million customers and beyond. Central to our development philosophy is the mantra of "safe, sound, secure" – this means security is a core focus, not something we sacrifice to develop at pace. It’s baked into everything we build, not implemented as an afterthought.

We apply a zero-trust approach to security, emphasising strong identity controls as the security perimeter, and we are constantly working to minimise the risk of security issues impacting our ventures. We also have a robust security operations capability ready to respond in the event of an incident.

The x15 security team

We’ve got a dedicated team of talented engineers focused entirely on the security of x15 and our ventures. The x15 security team's expertise spans product security, operations, incident response, and security testing, with decades of collective experience working in the financial services industry, multi-national tech companies, government, and small business. The team works with our ventures at all phases of development to ensure the highest level of security for our software, systems, and processes.

Our approach to software and system security

Our ventures are developing software that incorporates commercial products, open-source projects, and our own proprietary code. We work hard to implement a range of proactive measures to ensure our software and the systems hosting it are as secure as possible. This includes:

Training developers in security, with material tailored to the languages and platforms they use

Automated security tests in the build and CI systems, such as static code analysis, software composition analysis, and secrets detection

Penetration testing, bug bounty programs, purple teaming, and source code auditing

Vulnerability and patch management.

Security operations

In the event of a security vulnerability or incident, our security team is ready to respond. The x15 Security Operations Centre (SOC) constantly monitors for indicators of compromise and responds to reports of vulnerabilities and breaches.

We treat resolution of security vulnerabilities and incidents as a critical priority.

Security risk management and regulatory compliance

As our ventures operate in the financial technology space, a number of regulations governed by the likes of APRA and the ACCC apply to us. As part of a broader risk management framework, we ensure compliance of our ventures with relevant regulatory standards such as APRA CPS 234, the CORIE framework, and the Consumer Data Right.

Scams, fraud, and suspicious behaviour

Scams and fraud are a major concern in today’s financial services environment. Our dedicated security team works alongside the Commonwealth Bank to implement a number of technologies to identify and prevent scams and fraud. More details on how to protect yourself can be found on CommBank’s website, including information on Credit Savvy's SavvyShield feature that protects against digital identity theft. 

If you have received a message that looks suspicious, please report it to us via hoax@x15.com.au, including emails and any other interactions you have had with the suspected fraudsters.

How to report security vulnerabilities

If you find any security concerns in the websites, applications, or systems of any of our ventures, please report them to security@x15.com.au. The x15 security team monitor this email address and will co-ordinate resolution of any reported issues in confidence.

© 2023 CBA New Digital Businesses Pty Ltd ABN 38 633 072 830 and Australian Credit Licence 516487, trading as x15ventures. x15ventures is a trade mark of CBA New Digital Businesses Pty Ltd. CBA New Digital Businesses Pty Ltd is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124. CBA New Digital Businesses Pty Ltd is not an Authorised Deposit-taking Institution for the purposes of the Banking Act 1959 and its obligations do not represent deposits or other liabilities of Commonwealth Bank of Australia. Please refer to the venture websites for specific venture-related disclosures and other important information. Read our Privacy Policy.

Want access to events, networking and job opportunities, early-stage beta programs, and more?

linkedin icon
instagram icon
twitter icon

© 2023 CBA New Digital Businesses Pty Ltd ABN 38 633 072 830 and Australian Credit Licence 516487, trading as x15ventures. x15ventures is a trade mark of CBA New Digital Businesses Pty Ltd. CBA New Digital Businesses Pty Ltd is a wholly owned but non-guaranteed subsidiary of the Commonwealth Bank of Australia ABN 48 123 123 124. CBA New Digital Businesses Pty Ltd is not an Authorised Deposit-taking Institution for the purposes of the Banking Act 1959 and its obligations do not represent deposits or other liabilities of Commonwealth Bank of Australia. Please refer to the venture websites for specific venture-related disclosures and other important information. Read our Privacy Policy.

x15 Logo