Security is the top priority for all of ConnectWise and we have set a security-first mindset into everything we do focusing on improving our development processes, enhancing our response processes for zero day exploits and adding both accountability and empowerment within our teams to move with added urgency regarding InfoSec concerns.
In the last 18 months, alongside a commitment to “shift left” and find potential security issues as early in the development cycle as possible, ConnectWise has made several tactical InfoSec investments. We have invested in an expanded dedicated InfoSec team and recurring consultant-performed deep-dive application penetration tests and code review of legacy code.
We have also partnered with and are leveraging HackerOne response service to drive response times for triage of externally reported InfoSec issues further towards industry-accepted standards (24 hours or less). We have an established Bug Bounty program providing continuous crowd-sourced vulnerability testing and assistance.
We have also invested in Technology to assist in securing our platform including automate security testing tools across all of our products so that deficiencies in coverage/effectiveness are removed and additional monitoring tools to regularly scan all of our live production environments. We also are utilized the tools and expertise available to us from our own SOC to continuously evaluate, detect, respond, and recover to potential threats.
For additional details and for info on available SOC2/SOC3 report please see our Trust Site Content.