The MSP software specialist ConnectWise is rolling out a new bug bounty programme as part of a drive to bolster the security of its applications.
ConnectWise is partnering with HackerOne on the initiative, which will see freelance pen-testers paid up to $2,000 for identifying software flaws that could be exploited by hackers.
The company, which is owned by the private equity firm Thoma Bravo, is just the latest in a long line of high-profile businesses to sign up to HackerOne’s platform. Other HackerOne clients include Uber, Goldman Sachs and IBM.
Tom Greco, director of information security at ConnectWise, said there had been a rise in attacks on managed service providers since the start of the pandemic as businesses increasingly lean on them for remote-working support.
But he said “the strategy we had set to do this was already in place before the pandemic hit. I’m not going to say we didn’t increase our vigilance but the strategic plan itself were actually determined before the increase. The bug bounty is one component of an overall programme to improve application security.”
Greco said ConnectWise chose HackerOne over its competitors because he was impressed by the company’s platform and the “breadth and depth of the community”. Some hackers have earned more than a million dollars through the site and the company has seen a rise in time spent on its platform since the start of the pandemic earlier this year.
Security is increasingly important for the small and medium-sized businesses (SMBs) when it comes to selecting an MSP. Research commissioned by ConnectWise and published last week revealed that nine out of every 10 SMBs would consider moving to a new MSP if it had a better security offering, in what has been seen as a vote of confidence for traditional MSPs that are transitioning to a managed security services provider offering.