Press "Enter" to skip to content

ConnectWise announces bug bounty program

ConnectWise has launched a bug bounty program in partnership with HackerOne.   

Why do we care?

My first care is that I criticized them for not having one, so this is recognition that the status has changed.

This is what grown up companies are doing.  Solarwinds also has a program with HackerOne.   Kaseya explicitly does not have a bounty program, but does have a reporting mechanism.  I’ve included a link in the show notes.

My big takeaway here is that the checklist of things you should be asking your potential vendors – or existing ones – needs to include a whole lot more about their security procedures.

Why?  As we learned in the previous story… you are for sale, and they are coming for you via your toolset.  

Source: Channel E2E

Source: Kaseya

One Comment

Comments are closed.