Posted on September 24, 2020 at 2:09 PM
Hackers Invited to ConnectWise’s Bug Bounty Program
Hackers have been invited to look for security flaws courtesy of the ConnectWise Bug Bounty program. The hackers have been given a closed invitation to log into the HackerOne platform and try to discover any vulnerability in the ConnectWise platform.
The plan for the platform is to find out if there are any bugs and remediate the bugs before black hat hackers find them out themselves.
ConnectWise poised to beef up security
In July, the MSP found out two critical bugs in ConnectWise automate which was a threat to both the MSP customers if hackers succeeded in exploiting the vulnerability. Before the incident, there were multiple flaws discovered in the ConnectWise control server.
Now, it seems the company is taking no chance, as it has invited hackers to try and find out if they could discover a vulnerability.
The company said it will take care of all confirmed vulnerabilities discovered through the program, and disclose some of the issues according to how severe they are.
The ConnectWise Trust site stated that it will continue delivering responsible disclosures since it’s the main source of information on different privacy, compliance, and security topics. It also accommodates ConnectWise’s security alerts and bulletins, updates, and critical patches.
“Our goal is to provide a real-world scenario for the testing of our products,” ConnectWise revealed in a statement on its site.
The company said the bug bounty program helps to discover issues, find a long-lasting solution and helps the firm to remain more transparent when it comes to the security of its products.
This type of open invitation is not new only to ConnectWise, as some firms prefer keeping their portal more security solid by inviting hackers to try their way into the portal. Of course, such action usually comes with a reward to the hacker who finds out any existing bug. Companies are usually happy to pay such rewards if it will improve their servers’ security, as they may be forced to pay much higher if their system is compromised.
The company has always been upfront in its handling of vulnerability issues, with the ConnectWise bug bounty program supplementing its bug management strategy. For this program, ConnectWise is collaborating with a hacker-backed security platform, HackerOne, to organize the program.
The bug bounty program will incentivize security research on the platform, offering money to anyone who finds security vulnerability on the platform.
Organizations can discover and solve security issues when they partner with third parties to accept vulnerability reports, which minimize the chance of exploitation by hackers.
However, this ConnectWise bug bounty program is not open to everyone. It is specifically designed for only the hackers invited through the HackerOne platform.
Vital Cybersecurity Strategies
ConnectWise said it has been guided by key security strategies to improve the security of its application, which will improve the company’s reputation.
The bug bounty program takes note of both strategies to improve security. It is an addition to the existing application security controls, which offers breadth and depth of HackerOne’s community.
Chief technology officer and founder of HackerOne Alex Rice has commented on the partnership.
He said HackerOne has helped more than 2,000 customers discover more than 180,000 vulnerabilities in their systems and server, which has strengthened the security framework of digital assets.
Alex further reiterated that since the platform began partnering with other business organizations to fish out bugs, hackers have earned an excess of $100 million as rewards for
This is a good compensation for the companies compared with the engineering, brand, and legal implications of a security breach, which will be way more than the compensation paid to the white hat hackers, he continued.
Security experts encourage more bug bounty programs
According to IBM Security and Ponemon Institute, the financial implication of a security breach averages $3.86 million for a company.
Security experts are also hailing the job of these bug bounty programs, as they have helped to reduce the frequency of security breach and vulnerability exploitation by hackers. Many are hoping other companies will organize similar programs to reduce the level of exploitation even further.