Fitbit has always been committed to protecting consumer privacy and keeping data safe. Our internal security team is constantly testing our products for vulnerabilities as we strive to continuously strengthen our security. And, as our devices become more and more complex, we we are more mindful than ever that weaknesses can be difficult to...

We were thrilled to hear today that the Fitbit Security Team has been awarded two awards in Bugcrowd’s second annual Buggy awards.  This year we took home the “Best Response Time” and “Program of the Year” awards. Now that we have three Buggy Awards in our trophy cabinet (we took home “Best Response Time” last year) it feels like a...

On February 23, 2017, Google Project Zero and Cloudflare revealed the existence of the Cloudbleed bug. Fitbit uses Cloudflare as our content distribution network and the majority of our web and API traffic routes through the Cloudflare platform. We learned of the issue the same way as everyone else – when security-minded team members at...

With the pace of security today, nobody can afford to go it alone.  Even if you hire the greatest security team, deploy airtight process, tools, design reviews, testing, etc, there’s a global community of like-minded security folk working on these problems. There are economies of scale that come from researchers honing test strategies over many...