Responsible disclosure
At 10x, we take the security of our systems, products, and people seriously. We recognise the valuable role that security researchers and the wider security community play in helping us identify and address potential vulnerabilities.
We encourage responsible disclosure of security issues and work collaboratively with those who responsibly report such issues to us at security-disclosures@10xbanking.com.
Scope
This guidance applies to all of 10x Banking's digital assets, including but not limited to websites, web applications, mobile applications, APIs, and any other services operated and owned by 10x Banking. Please note that the 10xbanking.com website is considered hosted by a third party and is not in scope without explicit permission of the hosting provider.
Guidelines for Responsible Disclosure
If you have identified a potential security vulnerability within our systems or products, we kindly request that you observe the following:
Reporting
Please report the security issue to us as soon as possible by emailing us at security-disclosures@10xbanking.com. Provide us with sufficient details to understand and reproduce the issue, including steps to replicate it.
Provide adequate information
Please provide your contact information, including your name and email address, so that we can get in touch with you to discuss and acknowledge your report. If you wish to remain anonymous, please let us know in your initial report.
Communication
We will acknowledge receipt of your report within 10 business days and will provide you with updates on the progress of resolving the issue.
Public disclosure
We request that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and mitigate the vulnerability.
Responsible testing
When researching and testing for security vulnerabilities, please do not attempt to exploit the vulnerability for any reason other than to validate its existence. Unauthorised access, data exfiltration, or any other malicious activities are illegal and will be prosecuted in accordance with the law.
Confidentiality
We will handle your report with the utmost confidentiality and will not share your personal information without your explicit consent, unless required by law.
Cooperation
We encourage you to work with us to resolve the issue and verify that it has been adequately addressed. We appreciate your assistance in protecting our systems and users.
Our commitment to you
We will acknowledge receipt of your report within 10 business days and will provide you with regular updates on the progress of resolving the issue.
Rewards
At our sole discretion, we may offer reporters of valid and serious vulnerabilities recognition. We do not, as a matter of course, offer monetary rewards for vulnerability reports.
Legal protection
10x Banking will not pursue legal action against individuals who report security vulnerabilities in accordance with this Responsible Disclosure Policy, provided they do so in good faith and comply with the guidelines outlined here.
Disclaimer
This Responsible Disclosure Policy is subject to change without notice. It is the responsibility of the security researcher to check this page regularly for updates.
Thank you
We appreciate your efforts in helping us maintain the security and integrity of our systems and products. Your contributions make the online environment safer for everyone. Get in touch with us at security-disclosures@10xbanking.com.