— Shotgun Software (www.shotgunsoftware.com), developer of cloud-based production tracking, review, and asset management software for film, TV and games (recently acquired by Autodesk), has announced that the Shotgun software application recently passed a full penetration test by global security auditing firm Bishop Fox. This assessment indicates that Shotgun’s software is meeting the requirements of the creative industry and that its clients can trust the confidentiality, integrity and availability of their intellectual property on the Shotgun platform.
Shotgun is engaged with Bishop Fox, a vendor approved by Warner Bros., 20th Century Fox and other major studios, to monitor and evaluate the security of the Shotgun application on a quarterly basis. The assessments identify, within designated times/scopes, any security issues in the Shotgun software application. The assessment team combines automated application vulnerability scanning and manual penetration testing techniques to attempt to locate attack vectors and simulate real-world exploitation. In July 2014, Shotgun received confirmation that its application passed all testing without incident or issue.
“Creative studios are in a tight spot,” said Shotgun Senior Director Don Parker. “Extremely compressed project timelines and the need to collaborate with globally distributed teams require the use of cloud-based processes, while their clients’ strict requirements for securing their intellectual property challenge many online methods for data sharing. We’re making big investments in security so our clients can have confidence in our tools and can demonstrate to their clients that Shotgun is secure and approved for use.” He added, “The way we work with Bishop Fox is more like a partnership — we collaborate closely not only to make sure each release has no vulnerabilities, but also to stay on top of security best practices, which we implement as part of our ongoing engineering and QA practices.”
In addition to its engagement with Bishop Fox, Shotgun stores files on the Amazon Web Services (AWS) platform, which complies with MPAA content security best practices, and has adjusted its software to comply with MPAA policies. Cloud-based implementations of Shotgun are currently in use on productions from all of the major studios. The company has a team of eight engineers dedicated to platform (security & performance) alone.