- Supplement ConnectWise's internal vulnerability management strategy;
- support invited hackers via the HackerOne platform;
- deliver monetary rewards for security vulnerabilities submitted; and
- address and remediate all confirmed vulnerabilities discovered through the program.
ConnectWise Security: The Bigger Picture

“Cyber criminals move fast, so we have to move faster. Employing a bug bounty program with the help of HackerOne, the industry leader in this space, will allow us to do just that by finding issues before bad actors get a chance to exploit them. Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community’s expertise and participation in helping us keep our products secure. As we said earlier this year, the launch of this Bug Bounty program is yet another important addition to our security arsenal – and it’s the latest piece of our overall strategy to strengthen our own security standing so that we can better protect our partners and their SMB customers.”
MSP Software Companies, Service Providers: Prime Hacker, Ransomware Targets
The Bug Bounty program surfaces amid continued challenges for the overall MSP ecosystem. Software companies and service providers remain prime targets for hackers and ransomware attacks. The attacks often leverage RMM (remote monitoring and management) or remote access software as a potential springboard into customer networks.Recent MSP and IT consulting ransomware attack victims include:- Cognizant, which suffered $50 million to $70 million in lost revenue related to the attack.
- Collabera, an IT staffing firm;
- Equinix, the global data center and MSP firm;
- Orange Business Services, a major telecom service provider and Top 200 MSSP; and
- Telecom SA, the largest telecom company in Argentina.
- xChanging, a DXC Technology subsidiary.