At Logitech, we make products that live inside your home and business. Since you type your passwords on our keyboards, navigate your ecommerce sites using our mice, record your lives using our cameras, talk to others using our headsets and video conferencIng products, it is our core belief that our products should be safe and secure as they interact with your lives.
Logitech has an established internal Product Security Review Board (PSRB) comprising employees with relevant experience and expertise. The PSRB defines the policies and practices that all our product teams must adhere to and follows security best practices. We define a security vulnerability as an unintended weakness in a product that could allow a malicious actor to compromise the integrity, availability, or confidentiality of a product or service. We adopt a life-cycle approach to managing this risk. Relevant security risks are identified early in the design process, via our established risk assessment process. Appropriate security measures are developed to address any such risks and vulnerabilities, and embedded into the product design as it evolves. This may include incorporating encryption, digital signatures, strong authentication and authorization, and network security, as needed, based on each product’s data and network access needs. We carry out security testing prior to product launch and the Chairperson of the PSRB has the authority to halt the launch of any new product or service if the product security standards are not met. The PSRB reviews and provides final approval on the security design for new products under development.
We also welcome reports from independent researchers, industry organizations, vendors, customers, and other relevant stakeholders and sources post-launch. For this purpose, we run a public Vulnerability Disclosure and Bug Bounty Program and facilitate the receipt of such reports through our security reporting process. All submissions to this platform are reviewed by the appropriate security team members and are investigated further to determine the appropriate remedy, with an appropriate reward paid to the relevant reporter.
In addition to the internal Secure Software Development Lifecycle Process, Logitech is also an active participant in industry efforts to bake security into the core standards that our products use. Through our active participation in the Product Security Working Group (PSWG) and Matter Working Group within the Connectivity Standards Alliance (CSA), we continue to work with others in the industry to write and certify the standards by which next generation products will operate. Through these efforts, we remain committed to providing our customers with safe and secure products.