Press Release

Bugcrowd Launches Public Bug Bounty Program for Fitbit


Fitbit to award up to $2,500 per vulnerability to ensure the security of its systems and users’ data

SAN FRANCISCO – February 14, 2018 – Bugcrowd, the leader in crowdsourced security testing, announced today that its customer Fitbit (NYSE:FIT), the leading global wearables brand, has expanded its public bug bounty program to a paid program. Having previously run both public and private bug bounty programs, Fitbit has now merged these programs to leverage a global community of security researchers on the Bugcrowd platform across its website, API, mobile applications and the company’s new smartwatch, Fitbit Ionic™. Fitbit will reward security researchers between $100 and $2,500 USD per bug identified, depending on the impact and severity of the vulnerabilities identified across these targets.

Bugcrowd architects security expertise into the design, support and management of every crowdsourced security program. Today, hundreds of industry-leading, security-conscious organizations including Western Union, Atlassian, Tesla and OWASP depend on this expertise to realize the benefits of crowdsourced security and improve their security stance.

“Companies are not only facing a new breed of attacks from motivated adversaries incentivized by personal socio-economic reasons, they are also feeling the pressure from consumers to ensure their digital security and new legislations that mandate vulnerability disclosure,” said Ashish Gupta, CEO of Bugcrowd. “A longtime customer, Fitbit was an early adopter of the crowdsourced security model to provide unprecedented protection and privacy of their customers’ data. By moving the Fitbit Ionic to their public program, they are again leading the industry in bringing secure wearable products to market.”

Fitbit's mission is to empower people to lead healthier, more active lives by providing them with data, inspiration and guidance to reach their goals. To achieve this mission, Fitbit strives to earn and maintain the trust of its users. Paramount to this goal is protecting the privacy and security of user data. The expansion of its bug bounty program demonstrates its continued commitment to this standard of security excellence.

“As the leading global wearables brand, Fitbit has always been committed to protecting consumer privacy and keeping data safe,” said Marc Bown, Senior Director, Security at Fitbit. “We’re constantly looking for ways to strengthen our security and partnering with Bugcrowd to leverage its global network will help us continue to develop industry-leading security practices while delivering the best health and fitness experiences for our users.”

To learn more about Fitbit’s program or to participate, visit bugcrowd.com/fitbit.

About Bugcrowd

Bugcrowd delivers the ultimate in security assessment for the enterprise. The pioneer and innovator in crowdsourced security for the enterprise, Bugcrowd combines the power of the global security researcher community with its proprietary Crowdcontrol platform to surface critical software vulnerabilities, and level the cybersecurity playing field. Bugcrowd provides a range of public, private, and on-demand options that allow companies to commission a customized security testing program to fit their specific needs. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures and Salesforce Ventures. Bugcrowd is a trademark of Bugcrowd, Inc. Learn more at www.bugcrowd.com.

