-
"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."
-
"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."
-
"If I were to build an internal team to find vulnerabilities on the same scale as HackerOne, it would be very challenging — security salaries aren’t cheap, and it would take a year to ramp up a team fully. Via HackerOne, I can get immediate access to experts who are …
-
"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that …
-
"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."
-
"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."
-
"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."
-
"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."
-
"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."
-
"The program with HackerOne has surfaced the most interesting results across all of our AI testing and is by far the most cost-effective."
-
"Using HackerOne saves our security team a large amount of time, but more importantly, it also saves our finance team a lot of trouble. Moving to the HackerOne platform allowed us to automate away all of the financial burdens, which are significant."
-
"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."
-
"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."
-
“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”
-
“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, …