With Supply chain attacks on the rise bad actors are actively targeting MSP's and RMM software providers. There are recent reports of attackers using Atera with Zloader in the wild on DarkReading.com. The actor vector will be the same for all RMMs at some point in time.

https://www.darkreading.com/attacks-breaches/new-attack-campaign-exploits-microsoft-signature-verification

My request is that Atera get independently penetration tested on an annual basis and publish the results of that independent third party test.