Secure Personnel
We cultivate a culture of security at Hummingbird through ongoing education and appropriate personnel controls. Our security practices begin well before we consider making a candidate a job offer, and continue on past the point where we part ways with an employee. Every member of the Hummingbird team receives regular training, and access to sensitive systems is granted on a very restrictive basis.
- Background checks
- Strong password requirements
- Ongoing training & certifications
- Carefully controlled permissions
- Code of conduct
- Expert consultants & advisors
Secure Development
We secure the development of our apps through a combination of automated testing, mandatory peer reviews, and third party testing. Our service is monitored for vulnerabilities, and we maintain a bug bounty program. All code changes are carefully reviewed and tested before they can be merged and deployed to our staging and sandbox environments. After additional live testing, changes may be merged to our production environment. We can roll changes back easily and quickly.
- Access management & reviews
- Penetration testing
- Vulnerability scanning
- XSS, XSRF, and SQL Injection protections
- Bug bounties
Secure Data
Keeping data secure is a top priority throughout our company. Encryption, access controls, system architecture design, and a culture of security among personnel all play roles in our approach to data security.
- Data encrypted in transit & at rest
- TLS 1.2 for all transmissions
- Unique encryption key per customer
- Data classification matrix
- Access restrictions
Programs & Certifications
Hummingbird employs third-party auditors, system testers, and hosts a bug bounty program to ensure that our service is secure.
SOC 2 Certification for Security, Availability, and Confidentiality.
Penetration testing by BugCrowd.
Public Bug Bounty Program.