ConnectWise has launched a bug bounty program to help quickly identify and fix bugs and security vulnerabilities in its software. ConnectWise is partnering with HackerOne to host the program.
To incentivise security research, a bug bounty program offers monetary rewards for security vulnerabilities submitted. Accepting vulnerability reports from third parties helps organisations surface and resolve issues quickly, minimising the chance for exploitation.
The ConnectWise Bug Bounty program is private, meaning that it is open to invited hackers via the HackerOne platform. ConnectWise will aim to address all confirmed vulnerabilities discovered through the Bug Bounty program and will attempt to fix and disclose issues according to severity. Responsible disclosures will continue to be delivered through the ConnectWise Trust Site, where information on a number of security, compliance and privacy topics can be found. It also houses ConnectWise’s security bulletins and alerts, critical patches, and updates, with the ability to subscribe to proactive notifications via an RSS Feed.
“Cyber criminals move fast, so we have to move faster. Employing a bug bounty program with the help of HackerOne will allow us to do just that by finding issues before bad actors get a chance to exploit them,” said Tom Greco, Director of Information Security, ConnectWise.
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community’s expertise and participation in helping us keep our products secure. As we said earlier this year, the launch of this Bug Bounty program is yet another important addition to our security arsenal – and it’s the latest piece of our overall strategy to strengthen our own security standing so that we can better protect our partners and their SMB customers.”
The ConnectWise Bug Bounty program is an integral part of the company’s commitment and ongoing efforts to strengthen its own security posture as well as that of its TSP partners, and to improve transparency and communication with its partners when it comes to cybersecurity. To date, this has included an internal focus on “shift-left” product development, an expansion of cybersecurity training programs for TSP partners, and the creation of the MSP+ Cybersecurity Framework, the industry’s first global cybersecurity framework for MSPs.