HOW BISHOP FOX ENABLES WICKR’S SECURITY ASSURANCE

When Wickr needed to prove that their products and services were secure, they turned to the experts at Bishop Fox to validate their security and provide the transparency pledged in their Customer Security Promises.

Posted on Aug 6, 2019 2:46:38 PM

As a leader in secure and encrypted communications, Wickr understands their business depends on protecting customer privacy. To prove their commitment, Wickr developed Customer Security Promises that include public transparency into the methodology and results of the independent security testing used to verify that their products and services are secure.

“With the consequences of breaches dominating headlines worldwide, individuals, teams and enterprises understand the need for secure communications. We recognized a real need that was not being met and decided to bridge that gap with products built not only with a security-first mindset, but with a solid commitment to validation and transparency.”

Chris Howell, CTO at Wickr

THE ENGAGEMENT

To fulfill their pledge, Wickr enlisted the team at Bishop Fox to perform a comprehensive examination of their overall security posture, including extensive penetration testing, a crypto-architecture review, and a source code analysis of all their products and third-party components. The engagement was designed to assess everything from their mobile and desktop clients to the back-end infrastructure and APIs that support them.

THE RESULTS

Evaluating Wickr’s security required a highly complex architectural assessment and thorough understanding of not only each individual component but also how they interact with each other. Wickr was very explicit in stating their goals for Bishop Fox’s testing, which included verifying that they are the service provider who does not, by design, have access to customer communications. This deep dive into Wickr’s security framework identified several areas where code updates would reduce the likelihood of future security issues and helped Wickr develop a testing plan to ensure no further exposure.

Findings and remediation recommendations were presented in a comprehensive assessment report, which provided tactical and strategic recommendations that empowered Wickr with the right knowledge and resources to further secure their platform and products.

“Not only is our crypto open for public review, but we are bringing in the world’s top experts to review and test our code, and doing it in a customer-facing way. Our Customer Promise document says here are the assertions we are making about the security of our product, and here’s a third-party expert’s perspective on whether they’re valid. We couldn’t be happier with the results we got from the Bishop Fox team.”

Chris Howell, CTO at Wickr

For Wickr, an ideal security partner was one that would go all in, one with the expertise necessary to harden their security posture to withstand attackers, and one that could ensure their secure messaging platform leads the market in terms of security. Bishop Fox enabled Wickr to fulfill their Customer Security Promises by creating a public-facing document that analyzed the engagement results and met Wickr’s pledge of transparency.

Wickr is motivated by the belief that private and trusted communications are critical for both organizations and privacy-minded individuals who may depend on the platform for their business or personal safety. They understand their business depends on their platform being verifiably secure, ephemeral, and available. Bishop Fox allowed Wickr to live up to their mission, and will remain engaged to ensure they stay secure and maintain their high standards in the future.

Topics:Service - Penetration TestingIndustry - CommunicationService - Architecture ReviewService - Source Code ReviewService - Continued EngagementService - Security Assessment

SUMMARY

CLIENT:

INDUSTRY:

Secure Communications

SERVICES PROVIDED:

  • Quarterly Assessments
  • Crypto Architecture Review
  • Penetration Testing
  • Source Code Review for
    All Application Changes
  • Continued Engagement
Download Case Study

About Wickr

With control-rich features such as device-to-device encryption, secure screen sharing, and voice and video calls, Wickr’s fully encrypted and ephemeral platform enables companies to control and protect their most critical communications. Wickr’s mission is to transform how companies and organizations protect valuable, high-target communications. In doing so, they strive to build the most trusted communication platform in the world by investing in comprehensive and transparent security testing to validate their approach.