Snow’s Approach to Security and the Use of Bug Bounties

By Alastair Pooley | November 04, 2021

At Snow Software we have always prioritized the security of our products, as we recognize that the trust given to us by our customers and partners must be protected. Several years ago, Snow launched a responsible disclosure program, and we took it even further in 2020 by launching our bug bounty program.

Offered by many websites, organizations and software developers, a bounty program allows individuals to receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. It encourages security researchers to help refine and improve products. While we have always proactively conducted regular penetration tests on all Snow products, by adding such “responsible disclosure” mechanisms, we can greatly enhance our security.

Over the past year, many organizations have told us they increased the level of scrutiny they carry out for all new suppliers. Looking at an organization’s approach to responsible disclosure and bug bounties is a good way of assessing a supplier’s maturity and whether you can trust them with your data. For example, if you look at companies like Microsoft, Salesforce and Apple, they all have active programs.

Building on Snow's security program

To further develop our security program, in September 2021, Snow became a Common Vulnerabilities and Exposures (CVE) Numbering Authority. CVE records are crucial tools that allow organizations to track known vulnerabilities within their technology estate. Snow has become a CVE Numbering Authority so we can allocate CVE numbers and better manage our responsible disclosure process. It also allows Snow to contribute to the wider CVE community, whose data our products consume, to provide our customers and partners with a better perspective on their risk.

Snow Risk Monitor uses vulnerability data from several sources, including the CVE feed from the National Vulnerability Database (NVD) in the U.S. Our customers and partners alike use Snow Risk Monitor to analyze their own inventory data for known vulnerabilities. Visibility of unpatched bugs helps highlight risk and typically leads to change within an organization as it enables the security team to advocate for improved security management.

Staying on top of risks

At Snow, we believe it is our responsibility to safeguard our customers’ and partners’ data, along with our own. The Snow platform further amplifies this by allowing our customers and partners to assess the constantly evolving environment and ensure that they are on top of the risks they are facing.
