Axcient Joins Huntress to Support DIVD Bug Bounty Program for Vulnerability Transparency

The Dutch Institute for Vulnerability Disclosure (DIVD) is leading a call to SMBs, MSPs, and their vendors to effectively disclose security vulnerabilities and discoveries. In an effort to destigmatize security incidents and enhance our defense against hackers, the bug bounty program aims to create a financial incentive for transparency.

Historically, a company that’s suffered a security breach is quick to hide the cyber incident from current and potential clients and competition in the industry. The fear is that disclosure of a vulnerability compromises the company’s reputation as secure and competent. Today, that status quo is being challenged in the name of transparency and community. The fact is that hackers are successfully attacking the channel at alarming rates. In response, Huntress, a cybersecurity solution provider, is supporting the Dutch Institute for Vulnerability Disclosure (DIVD) in creating a community-based bug bounty program to empower businesses against the bad guys.

  • Learn about DIVD and how their bug bounty program challenges the channel to level up with honesty and transparency.
  • Find out why it was important for Axcient to get involved in the initiative.
  • See how MSPs and their SMB clients can join the effort and improve security.

Huntress Donates $100,000 to Start a DIVD-Led Bug Bounty Program

Huntress protects from cybercriminals through their managed detection and response (MDR) platform and a team of human threat hunters. With the mission of elevating SMBs through education and community – one hacker at a time, Huntress donated $100,000 to the DIVD in January 2022. After a year full of new vulnerabilities and high-profile cyberattacks on MSPs and SMBs, Huntress is donating the funds to accomplish three core goals:

  1. Destigmatize and celebrate vendors who are transparent about security incidents and blind spots and who share their work behind the scenes to strengthen their platforms.
  2. Enable IT professionals to increase their cyber knowledge by hosting training events, covering attendee costs for other training and programs, and more.
  3. Establish incentives for members of the MSP and SMB communities to spend more time testing, breaking, and pwning the tools they use so vendors can find and fix issues faster and improve code quality.

Check out the last time Huntress and Axcient joined forces for our webinar, Planning for the Next Ransomware Attack.

Who is DIVD?

After investigating a variety of security research organizations, Huntress chose DIVD because of its expertise, vendor independence, and commitment to doing the right thing. Launched in October 2019, DIVD is a platform for volunteer security researchers to report vulnerabilities. Their mission is to “make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them. We have a global reach, but do it Dutch style: open, honest, collaborative, and for free.” According to their website, in 2021, DIVD notified almost 78,000 IPs of vulnerabilities. As of March 2022, they’ve already notified over 55,000 IPs of vulnerabilities this year.

Rather than uncovering these vulnerabilities for the purpose of public shaming, DIVD hopes that by notifying businesses of open doors, they will be able to close them before hackers gain entry. Connected by a common enemy and similar mission, Huntress, DIVD, and now Axcient, as well as a variety of other IT vendors, are coming together to support DIVD’s mission. Supported by volunteers, DIVD relies on donations to provide these critical and free services for the collective well-being of the cyber community.

Axcient Supports DIVD with $5,000 Donation

Axcient agrees with Huntress and the growing community of MSPs and vendors that believe security in a silo can never be effective. That’s why we donated $5,000 toward the DIVD-led bug bounty program. Cybercriminals have MSPs and our SMB clients in their sights, and collaboration, transparency, and accountability to our MSP partners are potent weapons against them. Simply waiting for the next attack, and hoping that any single vendor or MSP defenses are sufficient, just isn’t an option.

Transparency at Axcient is nothing new. We’ve always taken a transparent security-first approach to our products and partner relationships. In addition to sharing the results of our annual SOC audits and regular external testing with partners, we’ve also taken a ‘shift-left’ approach to security – making it central throughout the product development and testing lifecycle. Security is a core Axcient KPI and an integrated requirement that must be validated before pushing any code to partners.

With that said, as a vendor in the security space, Axcient is always looking to do more and do it better. While we do the necessary things like penetration testing and vulnerability assessments, we aim to evolve and progress even further. It’s our job as a solution provider to ensure our MSP partners never have to deal with a preventable breach stemming from an Axcient solution.

Add Your Organization to the DIVD Bug Bounty Program

Within just a month of launching this initiative, MSP vendors have pledged to donate a combined $75,000 to DIVD! While everyone agrees that security is the most significant threat to MSPs and their clients, collaborative programs like this are missing in addressing the problem. Through early detection, vendors have the considerable advantage of playing offense, rather than reactive defense. By identifying threats, collaborating across vendors and partners, and communicating openly, honestly, and transparently within the channel community – we can prevent many of these supply chain attacks from happening.

If you’re interested in getting involved, please reach out!

Carissa Kohn Johnson Axcient

About the Author: Carissa Johnson // Product Marketing Manager, Axcient

Carissa Kohn-Johnson has a background in healthcare technology and information technology and currently works as the Product Marketing Manager for Axcient. She has a lot of MSP Channel experience from planning and attending hundreds of conferences and tradeshows, and found her passion in technology, and working with MSPs in particular.  Connect with her on LinkedIn – perhaps you can contribute to the Axcient blog?

More Great Stuff From Our Blog:

Check out some other interesting pieces from our blog: What is SecurityScorecard, why MSPs should care, and how does Axcient’s score trend compare to other BCDR vendors, learn how you can ditch pricey on-site appliances with Local Cache for Direct-to-Cloud BCDR, get the skinny on how we can offer unlimited data retention and storage with no complicated tiered pricing (Seriously!), or dive into how chain-based backup works and why chain-free is the way to be.