Fitbit is a great example of an IoT company thinking progressively about product security in a time that this is becoming increasingly important. To learn more about many of the initiatives Fitbit is taking in security testing, how they think about product security, and why they utilize Bugcrowd to assist in their security testing, check out our API Security and the IoT podcast.
“We think of the bug bounty program as ‘part of this complete breakfast’. You have all these internal activities, and the Bugcrowd program for us… is a nice supplement to those things–it catches bugs that our internal testing didn’t catch. It also gives us information in what it doesn’t report.” ~ Jim Hebert, Sr. Security Engineer, Fitbit
Fitbit runs both a private and public program with Bugcrowd, focusing testing efforts primarily on mobile and web application, as well as their api. Learn more about Fitbit’s bug bounty programs.