55 HackerOne Testimonials

“HackerOne programs are a fundamental part of our cybersecurity strategy.”

"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and transparency that benefits cybersecurity as a whole."

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

"We decided that we needed a more diverse group of testers, while still meeting and exceeding compliance standards, which is what led us to HackerOne and the hacker-powered security model."

“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, SOC compliance, and internal security needs.”

“If you're going into a bush blind, you don't know what's going to happen.”

"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."

"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."

"We are employing strategies and programs, like our VDP with HackerOne, with the sole purpose of protecting our customers, their vehicles and their data."

"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."

"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being afraid to know what our vulnerabilities are. That’s not okay."

"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and use every tool in our toolbox to remediate or mitigate them."