Security. Arguably, the most highly sought-after and most contested feature in the world of consumer technology. NETGEAR has been an industry leader in the networking space for the past 20 years and, just last year, Forbes named NETGEAR on their list of the ‘Most Reputable Tech Companies of 2016’.
Product Security has always been a key focus for NETGEAR and, via this blog post, I wish to share with you the continuous efforts we undertake to improve product security for our growing global customer base.
In addition to the recent incidents of ransomware and attacks on customer private information and cloud systems, our industry is also observing an increasing number of attacks targeting Internet of Things (IoT) devices and consumer networking equipment such as routers.
As John F. Kennedy said, “There are risks and costs to a program of action—but they are far less than the long-range cost of comfortable inaction”. As CIO here at NETGEAR, I can tell you that we value the privacy of our customers, and the security of our products and customer information is our top priority.
The key for any consumer technology company is to begin with a fundamental shift to being proactive on cybersecurity, and not just reacting when a vulnerability is reported. At NETGEAR, we consider security a part of our product design process, and have made a significant investment in security testing technology and penetration testing before releasing any new product into the market. Our engineers now receive the best cybersecurity education possible, and we have taken great strides in, and continue to enhance, the security lifecycle of our products.
I recognize that, in the past, we have seen our fair share of direct public disclosures, often because researchers either didn’t know how to contact us directly or were trying to contact us using channels we were not following. Therefore, it is now easier to reach us and communicate with the team. From our public-facing security advisory page, there is a clearly visible, clickable button for reporting vulnerabilities, ensuring that security researchers and the security community know how to get in touch with us. Procedures have been put into place to make sure that every communication is identified, tracked and resolved.
We have also focused heavily on recognizing and rewarding responsible disclosures by rolling out a public bug bounty program via the Bugcrowd platform. Since the launch of the program in January of 2017, there have been over 600 submissions from security researchers globally, and NETGEAR has awarded over $100,000 in cash rewards. We are working daily to evaluate every bug that is submitted and to resolve those that are validated.
In addition, advisories are being issued on our NETGEAR security advisory page, so that customers are informed of potential vulnerabilities and are made aware of the steps required to protect themselves by downloading available patches or implementing workarounds. Moreover, we send personalized emails to all our registered customers for affected products, share the information on our peer-to-peer forum community online, and re-publish the information in our monthly newsletter.
At NETGEAR, we aim to lead the charge on setting security standards for the industry, and we appreciate our customers putting their trust in our products!