"The program has been successful because of the continued contributions from diverse, talented researchers."

“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"The program with HackerOne has surfaced the most interesting results across all of our AI testing and is by far the most cost-effective."

"At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."

"The program overview delivers contextual data across our vulnerability life cycle, allowing us to view trends and patterns over time so we can identify gaps and optimize our program."

"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."

"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."

“We'll definitely add HackerOne to our security portfolio and leverage hacker-powered security services in the future.”

"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."

"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."

"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."

“HackerOne programs are a fundamental part of our cybersecurity strategy.”

“We knew that to provide a secure digital experience for our customers, we needed a partner who could connect us with the diverse, global security researcher community, with a goal of identifying novel or unusual security issues on which traditional pentests don’t usually focus. So we decided to work with …

“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, …