“We like Bugcrowd’s approach. A structured format for reporting issues helps drive better quality bugs and filter out noise while the handling of bounty payments is a huge time savings for us. Having a third party help manage researchers will be very valuable.”

“It’s a win-win situation—either the Crowd finds something we didn’t see, in which case we can fix it. Or they don’t find anything, which validates our efforts.”

“The hacker community can outrun threat actors at an unprecedented pace. Not even the largest security teams can do what Bugcrowd can achieve.”

“We decided to run a bug bounty program in order to get access to a wide variety of security testers. Hiring security researchers is very difficult in today’s market, and even if you can find one, chances are good that person will be a specialist in only one or two …

"We have products that cover a wide variety of applications that utilize various technologies, so we need security testing that can cover all those areas. Bugcrowd’s Ongoing Private Bug Bounty is the best way to get the coverage. Of course, this entire line of thinking starts with the premise that …

"By adding a managed bug bounty program through Bugcrowd, we are adding one more layer to our security program."

“At Okta, we’re squarely focused on customer success. For my security team, that translates directly to customer security and assurance. Our private bug bounty program with Bugcrowd expanded coverage of my internal attack team by adding a solid bench of diversity and breadth of capabilities.”

"We now have greater peace of mind that our platforms and data are protected, which is invaluable to the business and our customers."

“The Jira integration was a huge value-add for us. We’ve built our communication channel inside the company is designed all around Jira. The fact that we could bolt on Bugcrowd’s solution to our Jira system and extend that in through our current communication channel made that portion of the transition …

“I could have called anyone to get a clean bill of health, but that`s not our business. We called Bugcrowd because we wanted the most in-depth vetting of our security posture. It`s beyond compliance it`s about true risk reduction.”

“Security researchers help us by pointing out vulnerabilities that may not have yet been identified, contributing to an improved security posture.”

"The number of Bugcrowd findings is a true measure of our maturity as a company. I want to get to a point in the not too distant future where I am showing a graph at every board meeting that shows a meager number of Bugcrowd findings and not for lack …

“We think of the bug bounty program as ‘part of this complete breakfast’. You have all these internal activities, and the Bugcrowd program for us is a nice supplement to those things–it catches bugs that our internal testing didn’t catch. It also gives us information in what it doesn’t report.”

“It’s a no brainer. You’re getting a much larger pool of people with different back grounds. Whether they’re cloud or mobile or firmware and they’re looking at the product. You get a much better sense of the quality and security of the device rather than going to one or two …

“Bugcrowd identified solutions and workflows that fit nicely into our company and current process.”