ConnectWise Launches Bug Bounty Program

Bug bounty hunters have been given fresh digital grounds to prowl with the launch of a new vulnerability detection rewards program by ConnectWise.

The software specialist provider announced today that it has launched a bug bounty program to supplement its own internal vulnerability management strategy. The crowdsourcing program was created with the aim of boosting efforts to quickly identify and remediate bugs and security vulnerabilities in the company's software. 

To host the program, ConnectWise is partnering with hacker-powered security platform HackerOne. The ConnectWise Bug Bounty program is private, meaning that it is only open to invited hackers via the HackerOne platform.

ConnectWise said that it is committed to addressing all confirmed vulnerabilities that are discovered through the bug bounty program and will remediate and disclose issues "commensurate with severity." Responsible disclosures will continue to be delivered through the ConnectWise Trust Site, which houses the company's security bulletins and alerts, critical patches, and updates, with the ability to subscribe to proactive notifications via an RSS feed.

“Cyber criminals move fast, so we have to move faster," said Tom Greco, director of information security at ConnectWise. "Employing a bug bounty program with the help of HackerOne, the industry leader in this space, will allow us to do just that by finding issues before bad actors get a chance to exploit them.”

Greco said that the world's bug bounty hunters provide an extra layer of protection by seeking out and reporting vulnerabilities.

“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community’s expertise and participation in helping us keep our products secure," he commented. 

"As we said earlier this year, the launch of this Bug Bounty program is yet another important addition to our security arsenal—and it’s the latest piece of our overall strategy to strengthen our own security standing so that we can better protect our partners and their SMB customers.”

ConnectWise is headquartered in Tampa, Florida, but has offices across the United States and abroad in Australia, India, and the United Kingdom. The company was founded in 1982 and became a Thoma Bravo Portfolio Company on March 1, 2019.

What’s Hot on Infosecurity Magazine?