"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

"HackerOne Code not only gives us real-time security before code goes to production, we're seeing value in getting insight from professional developers in the industry."

"We have a strong partnership with HackerOne. Since launching the program in 2020, we've deeply valued their support, which has allowed us to greatly expand our program's scope and impact."

“HackerOne programs are a fundamental part of our cybersecurity strategy.”

“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”

“If you're going into a bush blind, you don't know what's going to happen.”

"Our goal was to increase visibility into hidden vulnerabilities and strengthen our overall security posture in a way that complemented our internal efforts."

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."

"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."

"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being …

"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and …

"At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."