"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."

"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"The program has been successful because of the continued contributions from diverse, talented researchers."

"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."

“If you're going into a bush blind, you don't know what's going to happen.”

"The HackerOne program overview page helps sell the value of having a hacker-powered security program in place. We are able to understand changes in report workload to ensure our team is equipped to meet demand, drill down into key vulnerability trends across our program, and socialize key metrics to our …

"HackerOne has been much more successful at finding problems than general penetration tests have been for us."

"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."

"HackerOne is a well-known platform across the information security community which aggregates the most successful bug bounty programs to date."

“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, …

"The program with HackerOne has surfaced the most interesting results across all of our AI testing and is by far the most cost-effective."

"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."

"The process of manually creating credentials was tedious and time-consuming, and it often ended up in our program lacking valid credentials, especially since many of them expire after a month. This prompted us to create automated scripts and leverage HackerOne’s API to automate the process. This automation was created after …

“We'll definitely add HackerOne to our security portfolio and leverage hacker-powered security services in the future.”