"We decided that we needed a more diverse group of testers, while still meeting and exceeding compliance standards, which is what led us to HackerOne and the hacker-powered security model."

"The process of manually creating credentials was tedious and time-consuming, and it often ended up in our program lacking valid credentials, especially since many of them expire after a month. This prompted us to create automated scripts and leverage HackerOne’s API to automate the process. This automation was created after …

“The third party inspection of code adds a layer of confidence to ownCloud’s over 8M users and administrators. Enterprises know their deployment has undergone the rigors of ownCloud QA, their own testing, and the bounty-driven testing of security experts resulting in more secure file sharing for many environments.”

"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."

"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."

"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and …

"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."

"HackerOne has been much more successful at finding problems than general penetration tests have been for us."

"The program has been successful because of the continued contributions from diverse, talented researchers."

"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."

"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."

"Our goal was to increase visibility into hidden vulnerabilities and strengthen our overall security posture in a way that complemented our internal efforts."

“Since the HackerOne Triage team is wellcalibrated on our scope, they offload some of the work from our security team, such as report triage, identifying duplicated reports, and scope mismatch. In other words, the HackerOne Triage team acts as an extension to our security team.”