Dive Brief:
- Bug bounty programs, a security bot and regular penetration tests are just a few of the methods Slack is using to protect its users, according to a new white paper updating the public on the company’s security practices.
- The SecurityBot "redirects certain alerts back to the user that caused them. This way, those engineers can acknowledge the alerts and provide context or escalate them," according to Geoff Belknap, Slack’s chief security officer.
- Belknap says he has been steadily improving and scaling Slack’s security program to ensure the app’s security is top-notch while its customer base grows larger.
Dive Insight:
Slack is committed to security and is tackling it on a number of fronts, Belkap said. He also mentioned that there will likely be updates to tech rolled out earlier this year to protect API tokens. "We now methodically seek out and invalidate customers’ API tokens that have been accidentally posted publicly and follow-up with an automated notification to the customer," he said.
Slack may be looking to highlight it’s security initiatives after a Spiceworks report released earlier this month found Slack is considered the most innovative chat app, but Skype for Business is considered the leader in security.
And if Slack wants to successfully scale into enterprises, the company is going to have to assure businesses that its communication platform can support and secure large user bases.
