Huntress has donated $100,000 to the Dutch Institute for Vulnerability Disclosure (DIVD) Bug Bounty Program. The money will support the growth of the volunteer-led organisation. In 2022, it wants to take on a full-time staff member and expand its current workload.
It also plans to use some of the money to back a bug bounty program. This will focus on vulnerabilities and discoveries specific to the tools used by MSPs and SMBs. Focusing on these two markets should help reduce supply chain attacks.
Most attackers see SMBs as easy targets. Lacking cybersecurity skills, some SMBs have little choice but to outsource security to MSPs. If an MSP is breached, that attack often exposes hundreds or even thousands of small businesses.
Huntress says this is just part of what it is planning in 2022, and that one of its goals is to put its money where its mouth is to accomplish a few things.
Why is Huntress giving away money?
In a blog post, Huntress said, “Small and midsize businesses—which represent more than 99% of the organisations in the US and are the cornerstone of our economy—are depending on us to protect them from today’s determined cybercriminals and nation-state actors. But we’re not doing enough to help them.”
It’s a strong statement and one that will resonate with the SMB community. They often feel that tools are priced mainly for large enterprises. They also feel that vendors make tools complicated in order to sell additional services. Few SMBs can afford a properly staffed cybersecurity team, which leaves them exposed.
The money that Huntress is giving to the DIVD is just part of its plans for 2022. It has highlighted three other things it wants to accomplish this year.
- Destigmatise and celebrate vendors who are transparent about security incidents and blindspots and who share the work they’re doing behind the scenes to strengthen their platforms
- Enable IT professionals to increase their cyber knowledge and chops—by hosting our own training events, covering attendee costs for other training and programs and more
- Establish incentives for members of the MSP and SMB communities to spend more time testing, breaking, and pwning the tools they use so vendors can find and fix issues faster and improve code quality
The goal is to encourage the industry to come together and do better. The blog claims that Huntress is starting by “holding ourselves to that higher standard too.”
One way the company intends to improve standards is by investing in initiatives. It plans to use some of the $40M Series B money it raised last year to do this. The first investment is in the DIVD. The company is promising other announcements in due course.
Enterprise Times: What does this mean?
This is an interesting move by Huntress, especially as it is using money it raised to fund it. Typically, vendors invest in their ecosystem, sales and even R&D. Taking money and using it for the greater good with no clear ROI is brave, and Huntress should be lauded for it.
The company hopes it can be a force for good in raising support for security research. Will other vendors follow its lead? Enterprise Times is not sure. Too many security vendors see reporting CVEs as a key metric to be measured against. Investing in others to do that work doesn’t give them the same PR win.
However, the key here is that anything that can improve the security situation for SMBs and even MSPs is to be welcomed.