-
“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”
-
"We can’t strive to be a great security team without you! You are part of my team!"
-
"We have a strong partnership with HackerOne. Since launching the program in 2020, we've deeply valued their support, which has allowed us to greatly expand our program's scope and impact."
-
"Using HackerOne saves our security team a large amount of time, but more importantly, it also saves our finance team a lot of trouble. Moving to the HackerOne platform allowed us to automate away all of the financial burdens, which are significant."
-
"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."
-
"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."
-
"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …
-
"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd party ticketing system integration so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly …
-
"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."
-
"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."
-
“Their bug bounty program is world-class, a top HackerOne researcher. “They value our input and care about security across their entire ecosystem.”
-
"Working with HackerOne, we have had a solid return on investment while reducing risk. Zebra has scaled our security program across the different product offerings within HackerOne from security assessments for product releases, bug bounty for continuous testing, and a mechanism for third-party security researchers to submit vulnerabilities."
-
"We have been on a mission to transition from being a hardware company to also providing software and services for our customers. Certainly, that changes one's security lens. It's a completely different environment to have cloud-based, retail execution software available for enterprise-level organizations compared to having hardware- based printers installed …
-
"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and …
-
"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."