Shotgun Passes Bishop Fox Security Audit

Jul 16, 2014

 

 

We’re really pleased to let you know that the Shotgun software application has passed a full penetration test by global security auditing firm Bishop Fox. This positive assessment is a milestone in our ongoing investment in ensuring that our software meets the stringent requirements of the creative industry and that all of our clients can trust the confidentiality, integrity and availability of their intellectual property on the Shotgun platform.

We’ve engaged Bishop Fox, a vendor approved by Warner Bros., 20th Century Fox and other major studios, to monitor and evaluate the security of the Shotgun application on a quarterly basis. The assessments identify, within designated times/scopes, any security issues in the Shotgun software application. The assessment team combines automated application vulnerability scanning and manual penetration testing techniques to attempt to locate attack vectors and simulate real-world exploitation. Earlier this month we received confirmation that the application passed all testing without incident or issue.

The way we work with Bishop Fox is more like a partnership -- we collaborate closely with them to make sure each release has no vulnerabilities, but also to stay on top of security best practices, which we implement as part of our ongoing engineering and QA process.

In addition to our engagement with Bishop Fox, Shotgun stores files on the Amazon Web Services (AWS) platform, which complies with MPAA content security best practices, and we’ve adjusted our software to comply with MPAA policies. Cloud-based implementations of Shotgun are currently in use on productions from all of the major studios. And now that we’ve joined Autodesk, we have a team of eight engineers focused solely on improvements to the platform (security & performance), while other teams are working on new features.

We know that studios are in a tight spot in terms of security. Extremely compressed project timelines and the need to collaborate with globally distributed teams require the use of cloud-based processes, while their clients’ strict requirements for securing intellectual property challenge many online methods for data sharing. We’re making big investments in security so our clients can have confidence in our tools and can demonstrate to their clients in turn that Shotgun is secure and approved for use.