sb-au logo
Story image

ConnectWise launches bug bounty program to bolster cybersecurity strategy

ConnectWise has launched a new bug bounty program with the aim of better detecting security vulnerabilities and aiding in the company’s broader cybersecurity strategies.

In order to run this initiative, ConnectWise is partnering with HackerOne, a hacker-powered security platform that will host the program.

According to ConnectWise, a bug bounty program incentivises security research by offering monetary rewards for security vulnerabilities submitted. Accepting vulnerability reports from third parties helps organisations surface and resolve issues quickly, minimising the chance for exploitation.

The ConnectWise Bug Bounty program is private, meaning that it is open to invited hackers via the HackerOne platform.

According to a statement, ConnectWise is committed to addressing all confirmed vulnerabilities discovered through the Bug Bounty program and will remediate and disclose issues commensurate with severity.

Responsible disclosures will continue to be delivered through the ConnectWise Trust Site, which is the primary source of information on a number of security, compliance and privacy topics.

It also houses ConnectWise's security bulletins and alerts, critical patches, and updates, with the ability to subscribe to proactive notifications via an RSS Feed.

The ConnectWise Bug Bounty program will be part of the company's commitment and ongoing efforts to strengthen its own security posture as well that of its TSP partners, and to improve transparency and communication with its partners when it comes to cybersecurity, the company states.

Other initiatives by the company include an internal focus on shift-left product development, an expansion of cybersecurity training programs for TSP partners, and the creation of the MSP+ Cybersecurity Framework, the industry's first global cybersecurity framework for MSPs.

ConnectWise director of information security Tom Greco says, “Cyber criminals move fast, so we have to move faster. Employing a bug bounty program with the help of HackerOne, the industry leader in this space, will allow us to do just that by finding issues before bad actors get a chance to exploit them.

“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure.

"As we said earlier this year, the launch of this Bug Bounty program is yet another important addition to our security arsenal and it's the latest piece of our overall strategy to strengthen our own security standing so that we can better protect our partners and their SMB customers.”

ConnectWise is an IT software company targeting Technology Solution Providers looking to expand their As-a-Service business with software, services, an IT community, and an ecosystem of integrations.

Story image
FortiGuard appoints former cyber warfare officer
Former RAAF cyber warfare officer Mark Robson has been appointed as senior tactical threat analyst in FortiGuard’s managed detection and response team, FortiResponder.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
ABB and Nozomi Networks extend collaboration, deliver improved OT security solutions
"With Nozomi Networks solutions added to our cybersecurity portfolio, our customers gain proven network monitoring and threat detection technology."More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Kroll completes Redscan acquisition, expands cyber risk portfolio
With the addition of Redscan and its extended detection and response (XDR) enabled security operations centre (SOC) platform, Kroll expands its Kroll Responder capabilities to support a wider array of cloud and on-premise telemetry sources.More
Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More