"Having a bug bounty program is not an option, it's essential. Scaling internal testing can only go so far, working with the community helps uncover issues we may not have."

"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."

"We can’t strive to be a great security team without you! You are part of my team!"

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."

“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”

"HackerOne is a well-known platform across the information security community which aggregates the most successful bug bounty programs to date."

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."

"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being …

"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and …

"At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."

"The (HackerOne) triage team is like an extension of our own team. Worth every penny."

"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."

"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."