Press "Enter" to skip to content

Vulnerability Disclosure Programs: What MSPs need to know with Jason Slagle

A conversation with Jason Slagle, VP of Operations at an MSP and a security researcher. What is a Bug Bounty program, why do MSPs care, and what should you know about some of the top vendors in the space?

00:00 Intro, Who is Jason?
01:14 What is a vulnerability disclosure program?
02:05 why should an IT services company care about one?
02:56 What are you looking for in a vulnerability disclosure program?
04:31 The start of this was a Washington Post article that covers how Apple takes submissions, but often doesn’t do anything with them.    What’s your take on their approach?
05:31 How about Microsoft?
06:22 Datto?
07:11 ConnectWise?
09:25 Kaseya?
10:24 N-Able?
10:45 What information should be published?
11:21 How does size or criteria for the vendor connect to expectations?
13:01 The new CISA guidance for MSP’s customers – what’s your take on that guidance?
14:02 What should companies in this space do to take action?  

Washington Post Article:

Want to get the show on your podcast app, or get the written versions of the stories? Subscribe to the Business of Tech:

Support the show on Patreon:

Want our stuff? Cool Merch? Wear “Why Do We Care?” – Visit

Follow us on:

Subscribe and click the notification bell to get all the latest videos.