Case Study Bluebox

Securing Industry Standards

When Bluebox needed a vendor to assess the security of their security product, they turned to Bishop Fox.

Securing an Opportunity

Founded in 2012, Bluebox set out to address a security concern that impacts enterprises and users alike — what happens when mobile apps aren’t as secure as they appear or claim? That’s where Bluebox comes in. Bluebox provides mobile application instrumentation to enhance app security and afford enterprises the ability to detect and respond to attacks. Their innovative solution addresses enterprise-level visibility, control, and security needs with the speed, ease of use, and privacy demanded by mobile users.

Any company claiming to help secure others needs to be secure themselves. Computer science legend Brian Kernighan once said, “Everyone knows that debugging is twice as hard as writing a program in the first place. So if you are as clever as you can be when write it, how will you ever debug it?”

Before they could confirm their security standing to stakeholders, Bluebox needed to turn to someone they could trust. Validating the implementation of their product security before clients relied on their product for security was not taken lightly.

“It’s one thing to say you focus on security; it’s another to show due diligence, follow best practice, and prove that you stand by your word.”

Adam Ely Co-Founder, Bluebox

Watching the Watchmen

Bluebox boasts leading talent in mobile application development and security on their team, so choosing a trusted advisor meant choosing someone they all could agree on as the best. To them, the choice was clear: Bishop Fox.

Co-founder Adam Ely reached out to Bishop Fox’s leading Android and iOS experts for help in reviewing the security of their security products.

“Bishop Fox is like the doctor’s doctor. There was no debate where we would go to in order to ensure the state of our security product,” said Ely. “They are the mobile security leaders; we’re a mobile security company. It just made sense.”

As the chosen security vendor for a security vendor, Bishop Fox was ready to get to work.

Forming a Partnership

Our team performed mobile security assessments for Android and iOS, web application penetration testing and external penetration tests of Bluebox infrastructure and online portal to give them an accurate picture of their state of security. Through successive iterations of testing, we helped Bluebox find and iron out some of the most sophisticated and complex bugs that regular testing and scans don’t cover.


“The Bluebox security team is super sharp and were always on the ball to get us what we needed, when we needed it. We talked with Bluebox’s team daily about findings, fixes, and functionality,” said Carl Livitt, Partner at Bishop Fox. “Bluebox have clearly put their money where their mouth is when it comes to building a novel, sophisticated mobile security platform.”

The daily meetings allowed both teams to get technical and dive deep into discoveries at a level not often reached within the scope of many assessments.

The Results

Bluebox implemented Bishop Fox recommendations and solutions to strengthen their security controls and improve their monitoring, auditing, and security event aggregation.

“We wanted a firm whose name carried weight for those in the know. We weren’t looking for a rubber stamp approval from just anyone. We wanted real security testing to know where we could improve for our customers,” said Ely.

Bishop Fox helped prepare Bluebox to serve their own customers and to provide assurance that security wasn’t just the top priority, but that security was the foundation upon which Bluebox is built.