"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

"The program with HackerOne has surfaced the most interesting results across all of our AI testing and is by far the most cost-effective."

"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."

“It's about maintaining trust with our merchants. Entrepreneurs are running their businesses and they don't want to worry about security, so we have to ensure any issue gets addressed. HackerOne provides a return on our investment through its large community of talent and by taking care of administration, vetting researchers …

"One of the best ways for us to augment our internal security team is to work with the white hat community. This was a pain before HackerOne but now is significantly easier."

"Security is not a one-time thing, but a continuous cycle. We know that there are always going to be bugs in software development. As we develop, and as we iterate, we want to make sure security is an active part of that process, and never a roadblock to innovation. The …

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."

"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."

"AI red teaming allows us to explore the possibilities of what attackers might achieve—not just what’s likely. Working with HackerOne has shown us that human ingenuity often outperforms adversarial datasets or AI-generated attacks."

"Hitting $1M in bounties is a badge of honor. It reflects our commitment to valuing the intelligent security researchers who help keep us safe. Bug bounty programs are notoriously difficult to build, but HackerOne’s talented community provides us with the expertise and creativity we need to secure our platform. Our …

“As the world’s first ephemeral messaging platform, our customers unequivocally expect privacy and security from our products. Maintaining these principles to a high bar is vital for our company.”

"The program has been successful because of the continued contributions from diverse, talented researchers."

"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and …

“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, …