Shotgun is engaged with Bishop Fox, a vendor approved by Warner Bros., 20th Century Fox and other major studios, to monitor and evaluate the security of the Shotgun application on a quarterly basis. The assessments identify, within designated times/scopes, any security issues in the Shotgun software application. The assessment team combines automated application vulnerability scanning and manual penetration testing techniques to attempt to locate attack vectors and simulate real-world exploitation. In July 2014, Shotgun received confirmation that its application passed all testing without incident or issue.
“Creative studios are in a tight spot,” said Shotgun Senior Director Don Parker. “Extremely compressed project timelines and the need to collaborate with globally distributed teams require the use of cloud-based processes, while their clients’ strict requirements for securing their intellectual property challenge many online methods for data sharing. We’re making big investments in security so our clients can have confidence in our tools and can demonstrate to their clients that Shotgun is secure and approved for use.” He added, “The way we work with Bishop Fox is more like a partnership — we collaborate closely not only to make sure each release has no vulnerabilities, but also to stay on top of security best practices, which we implement as part of our ongoing engineering and QA practices.”
In addition to its engagement with Bishop Fox, Shotgun stores files on the Amazon Web Services (AWS) platform, which complies with MPAA content security best practices, and has adjusted its software to comply with MPAA policies. Cloud-based implementations of Shotgun are currently in use on productions from all of the major studios. The company has a team of eight engineers dedicated to platform (security & performance) alone.