-
"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."
-
"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd party ticketing system integration so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly …
-
"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."
-
"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."
-
"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."
-
“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”
-
"We believe there is immense value in having a bug bounty program as part of our cybersecurity strategy, and we encourage all companies, not just those in the hospitality industry, to take a similar approach and consider bug bounty as a proactive security initiative."
-
"The program with HackerOne has surfaced the most interesting results across all of our AI testing and is by far the most cost-effective."
-
"We are employing strategies and programs, like our VDP with HackerOne, with the sole purpose of protecting our customers, their vehicles and their data."
-
"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."
-
"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."
-
“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”
-
"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."
-
"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."
-
"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."