Our Culture of Security

Security is the foundation for everything we do at Hummingbird. From hiring and company communication safeguards, to best-practice approaches to secure development and information-sharing, we’re building a culture of security that extends from the break room to the front office.

security

Secure Personnel

We cultivate a culture of security through ongoing education and appropriate personnel controls. Our security practices begin well before we consider making a candidate a job offer, and continue on past the point where we part ways with an employee. Every member of the Hummingbird team receives regular training, and access to sensitive systems is extended only to essential personnel.

protocols

  • Background checks
  • Carefully controlled permissions
  • Strong password requirements
  • Code of conduct
  • Ongoing training & certifications
  • Expert consultants & advisors

Secure Development

Our apps are developed securely using a combination of automated testing, mandatory peer reviews, and third-party testing. Our service is continuously monitored for vulnerabilities, and we maintain a bug bounty program. All code changes are carefully reviewed and tested before they can be merged and deployed to our staging and sandbox environments. After additional live testing, changes may then be merged to our production environment. If a change in direction is needed, we can roll changes back easily and quickly.

protocols

  • Access management & reviews
  • XSS, XSRF, and SQL injection protections
  • Penetration testing
  • Bug bounties
  • Vulnerability scanning

Secure Data

Keeping data secure is a top priority throughout our company. Encryption, access controls, system architecture design, and a culture of security among personnel all play a part in our comprehensive approach to data security.

protocols

  • Data encrypted in transit & at rest
  • TLS 1.2 for all transmissions
  • Unique encryption key per customer
  • Data classification matrix
  • Access restrictions

Programs & Certifications

Hummingbird employs third-party auditors, system testers, and hosts a bug bounty program to ensure
that our service is secure.

  • soc

    SOC 2 Certification for Security, Availability, and Confidentiality

  • bugcrowd

    Penetration Testing

  • bugbounty

    Bug Bounty Program

  • soc

    SOC 2 Certification for Security, Availability, and Confidentiality

  • bugcrowd

    Penetration Testing

  • bugbounty

    Bug Bounty Program