Engineering Fitness

Security

Bugcrowd’s Buggy Awards: Fitbit Takes Two!

We were thrilled to hear today that the Fitbit Security Team has been awarded two awards in Bugcrowd’s second annual Buggy awards. This year we took home the “Best Response Time” and “Program of the Year” awards. Now that we have three Buggy Awards in our trophy cabinet (we took home “Best Response Time” last year), it feels like a...

Fitbit Response to Cloudflare Security Issue

On February 23, 2017, Google Project Zero and Cloudflare revealed the existence of the Cloudbleed bug. Fitbit uses Cloudflare as our content distribution network and the majority of our web and API traffic routes through the Cloudflare platform. We learned of the issue the same way as everyone else – when security-minded team members at...

Stepping Up: Working with the Security Community

With the pace of security today, nobody can afford to go it alone. Even if you hire the greatest security team, deploy airtight process, tools, design reviews, testing, etc., there’s a global community of like-minded security folk working on these problems. There are economies of scale that come from researchers honing test strategies over many...