ConnectWise Bug Bounty Program Invites Hackers to Hunt Security Flaws

  • Written by Edward Gately
  • September 23, 2020
The program is open to invited hackers via the HackerOne platform.

ConnectWise has launched a bug bounty program to quickly identify and remediate bugs and security vulnerabilities in its software.

In July, an MSP discovered two critical vulnerabilities in ConnectWise Automate that posed threats to MSPs and their customers if successfully exploited by hackers. Before that, multiple security flaws were found in ConnectWise Control.

The ConnectWise bug bounty program supplements the company’s internal vulnerability management strategy. ConnectWise is partnering with HackerOne, a hacker-powered security platform, to host the program.

A bug bounty program incentivizes security research by offering money for security vulnerabilities submitted. Accepting vulnerability reports from third parties helps organizations surface and resolve issues quickly, minimizing the chance for exploitation.

The ConnectWise bug bounty program is private. That means it is open only to invited hackers via the HackerOne platform.

Key Cybersecurity Strategies

Tom Greco is ConnectWise’s director of information security.

“I joined ConnectWise about 18 months ago, and since then two of our key strategies have been to improve application security across the entire life cycle [and] be more transparent and improve our reputation for security in the marketplace,” he said. “The bug bounty program respects both strategies. The bug bounty complements our existing application security controls. It gives us the depth and breadth of HackerOne’s community offering a range of skills and experience, as well as varying perspectives on the products which could illuminate things that might be missed in our own testing.”

ConnectWise will address all confirmed vulnerabilities discovered through the program. It also will remediate and disclose issues based on severity.

Responsible disclosures will continue to be delivered through the ConnectWise Trust site. It’s the primary source of information on a number of security, compliance and privacy topics. It also houses ConnectWise’s security bulletins and alerts, critical patches and updates.

“Our goal is to provide a real-world scenario for the testing of our products,” Greco said. “The bug bounty program helps us identify issues, connects us to our community and helps us to be more transparent around the security of our products.”

Bug Bounty Programs Work

Alex Rice is HackerOne’s co-founder and CTO.

“Powered by a community of over three-quarters of a million hackers, HackerOne has helped over 2,000 customer programs find over 181,000 valid vulnerabilities in digital assets,” he said. “In total, hackers have earned over $100 million in return for these security findings. The business value placed on each found vulnerability is, on average, $979. That’s a small price to pay compared with the legal, brand and engineering impact of a security breach, which the Ponemon Institute and IBM Security estimate to be $3.86 million.”

Against a backdrop of unparalleled obstacles, security leaders have gained newfound appreciation for bug bounty and vulnerability disclosure, Rice said. A pay-for-results approach is more justifiable under tightened budgets.

“As a result of the challenges posed by COVID-19, 30% of security leaders say they are more open to accepting vulnerability reports from third-party researchers about information security issues,” he said. “And hackers are stepping up.”

Back in March, ConnectWise outlined some of the other improvements specifically around application security. Those include improvements in developer security training, application security standards, and increasing the quality and quantity of its testing.

“All of these initiatives are progressing as planned,” Greco said.
