“HackerOne programs are a fundamental part of our cybersecurity strategy.”

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."

"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."

"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."

“We knew that to provide a secure digital experience for our customers, we needed a partner who could connect us with the diverse, global security researcher community, with a goal of identifying novel or unusual security issues on which traditional pentests don’t usually focus. So we decided to work with …

“If you're going into a bush blind, you don't know what's going to happen.”

"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."

"We chose HackerOne as it not only connected us to an existing community of seasoned security researchers but also offered productivity features that automated aspects of the bug bounty triage process."

"HackerOne is a well-known platform across the information security community which aggregates the most successful bug bounty programs to date."

"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."

"The program has been successful because of the continued contributions from diverse, talented researchers."

"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."

"The HackerOne program overview page helps sell the value of having a hacker-powered security program in place. We are able to understand changes in report workload to ensure our team is equipped to meet demand, drill down into key vulnerability trends across our program, and socialize key metrics to our …

"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …