"The (HackerOne) triage team is like an extension of our own team. Worth every penny."
"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."
"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to get months’ worth of value from a single engagement."
"HackerOne has been much more successful at finding problems than general penetration tests have been for us."
"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."
"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."
"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."
"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd party ticketing system integration so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly in our ticketing system with all pertinent information. Bi-directional communications go through our ticketing system, ensuring nothing is lost or accidentally forgotten."
"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."
"The program has been successful because of the continued contributions from diverse, talented researchers."
"The HackerOne program overview page helps sell the value of having a hacker-powered security program in place. We are able to understand changes in report workload to ensure our team is equipped to meet demand, drill down into key vulnerability trends across our program, and socialize key metrics to our CISO."
"Using HackerOne saves our security team a large amount of time, but more importantly, it also saves our finance team a lot of trouble. Moving to the HackerOne platform allowed us to automate away all of the financial burdens, which are significant."
"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne, they found several high-priority bugs. Huge value at a fraction of the cost."
"HackerOne is a well-known platform across the information security community which aggregates the most successful bug bounty programs to date."
"No one had done this before: take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that."