"The program overview delivers contextual data across our vulnerability life cycle, allowing us to view trends and patterns over time so we can identify gaps and optimize our program."

“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”

"The process of manually creating credentials was tedious and time-consuming, and it often ended up in our program lacking valid credentials, especially since many of them expire after a month. This prompted us to create automated scripts and leverage HackerOne’s API to automate the process. This automation was created after …

"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd party ticketing system integration so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly …

"HackerOne is a well-known platform across the information security community which aggregates the most successful bug bounty programs to date."

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."

"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."

"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."

“By enabling all teams that work in cybersecurity to better understand the root causes of real-life examples, we can avoid more issues earlier in the software development lifecycle. The HackerOne workshop helps to educate 100s of Sage employees and strengthen our capabilities and how we respond to situations.”

"HackerOne also played a crucial role in cutting down the noise so we could focus only on the valid issues."

"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"Our goal was to increase visibility into hidden vulnerabilities and strengthen our overall security posture in a way that complemented our internal efforts."

"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."