-
“If you're going into a bush blind, you don't know what's going to happen.”
-
"At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."
-
"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."
-
"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."
-
"We decided that we needed a more diverse group of testers, while still meeting and exceeding compliance standards, which is what led us to HackerOne and the hacker-powered security model."
-
"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that …
-
"The HackerOne program overview page helps sell the value of having a hacker-powered security program in place. We are able to understand changes in report workload to ensure our team is equipped to meet demand, drill down into key vulnerability trends across our program, and socialize key metrics to our …
-
“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”
-
"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."
-
"Having a bug bounty program is not an option, it's essential. Scaling internal testing can only go so far, working with the community helps uncover issues we may not have."
-
"Collaboration with HackerOne, in addition to Adobe’s pentests, uncovers unique vulnerabilities while helping Adobe meet customer security expectations. We’re leveraging the HackerOne platform for reporting, ticketing automation, and taking action on further details on vulnerabilities reported."
-
"Adobe's products are more secure thanks to our security team's collaboration with HackerOne and the security researchers we get to work with."
-
“HackerOne programs are a fundamental part of our cybersecurity strategy.”
-
“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”
-
"We can’t strive to be a great security team without you! You are part of my team!"