"At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"We decided that we needed a more diverse group of testers, while still meeting and exceeding compliance standards, which is what led us to HackerOne and the hacker-powered security model."

"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."

“If you're going into a bush blind, you don't know what's going to happen.”

"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."

"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."

"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."

"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."

"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that …

“HackerOne's bug bounty program suited the modern and forward-thinking tech teams at loveholidays. HackerOne's unique approach gets the approval of our DevOps engineers, encouraging them to actively work with the security team to enhance loveholidays' security posture."

"If I were to build an internal team to find vulnerabilities on the same scale as HackerOne, it would be very challenging — security salaries aren’t cheap, and it would take a year to ramp up a team fully. Via HackerOne, I can get immediate access to experts who are …

“Their bug bounty program is world-class, a top HackerOne researcher. “They value our input and care about security across their entire ecosystem.”

"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

“Since the HackerOne Triage team is wellcalibrated on our scope, they offload some of the work from our security team, such as report triage, identifying duplicated reports, and scope mismatch. In other words, the HackerOne Triage team acts as an extension to our security team.”