At Wickr, our mission is to transform how companies and organizations protect valuable, high-target communications. In doing so, we strive to build the most trusted communication platform in the world by investing in comprehensive and transparent security testing. We are motivated by the belief that private and trusted communications are critical for organizations of all sizes. We understand that in order to earn this level of trust, our platform must be verifiably secure, ephemeral & available.
Fulfilling this mission requires significant engineering effort and transparency about how our technology works and why. From the start, Wickr has committed to delivering unique and advanced secure and ephemeral communication solutions, while adhering to a unique and advanced Security Program built upon the following core processes:
‣ Opening Wickr’s cryptographic protocols for independent public review
‣ Running an open Bug bounty program focused on ensuring confidentiality and integrity of user data
‣ A public Vulnerability Disclosure Policy
‣ Publication of Legal Process Guidelines to share how Wickr responds to government request for user information
‣ Regular publication of Transparency Reports
‣ Independent testing by world class security consultants
‣ Unit testing for applicable security issues identified through testing and bounties
CUSTOMER SECURITY PROMISES
To further advance our security program, we have built a set of Customer Security Promises to guide our internal engineering and testing processes, enable Wickr users to gain a clear understanding of the level of security Wickr aims to provide, and provide public transparency into the methodology and results of independent security testing related to these promises.
By committing to a continuous process of refining and delivering on our Customer Security Promises, we aim to set a new standard in how companies build trust with their users. We are making a public commitment to our customers that Wickr products will perform to these promises and a commitment to the Wickr team internally that we will provide the resources and support required to live up to these high standards for protecting user privacy and security.
WICKR'S CUSTOMER SECURITY PROMISES
1. The Wickr messaging protocol provides end-to-end encryption and integrity protection of communications
2. The Wickr messaging protocol enforces forward secrecy
3. The Wickr messaging protocol enforces authentication of messages
4. Compromise of Wickr infrastructure does not compromise message content
6. Message content and supporting encryption keys are managed properly on official supported Wickr Pro clients
While not indicative of everything we do to provide security and privacy in our products, these Customer Security Promises are the fundamental promises that we believe any security or privacy oriented communication and collaboration tool should make to their users. They will evolve as we add new functionality and products to the Wickr product portfolio and as more test plans are developed with our partners. Wickr will publish updated documents regularly in line with our ongoing testing efforts, the full scope of which are described below and extend far beyond promise verification.
The creation of Wickr’s Customer Security Promises and the above description of the overall testing framework and verification processes is a collaborative effort between Wickr and NCC Group, a global expert in cyber security. Our collective goal is to ensure that Wickr customers understand the process and results of the independent validation testing, and ultimately have the information they need to confidently determine that Wickr’s Customer Security Promises are achieved. We always welcome feedback from Wickr customers and hope this document provides a clear view into how Wickr builds privacy and security in its products.
The remainder of this document has been provided by NCC Group.