"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."
"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that goes both ways."
"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."
"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."
“However, in order to become a trusted partner you need to go further than that. With HackerOne we were able to harness the expertise and skills of a huge hacker community in real time, so we could start applying fixes straight away.”
“HackerOne programs are a fundamental part of our cybersecurity strategy.”
“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”
“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”
"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."
"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."
"Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/ month/quarter."
“It's about maintaining trust with our merchants. Entrepreneurs are running their businesses and they don't want to worry about security, so we have to ensure any issue gets addressed. HackerOne provides a return on our investment through its large community of talent and by taking care of administration, vetting researchers and handling payments.”
"One of the best ways for us to augment our internal security team is to work with the white hat community. This was a pain before HackerOne but now is significantly easier."
"Security is not a one-time thing, but a continuous cycle. We know that there are always going to be bugs in software development. As we develop, and as we iterate, we want to make sure security is an active part of that process, and never a roadblock to innovation. The HackerOne bug bounty program allows us to put another cog in the wheel of security."
"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and transparency that benefits cybersecurity as a whole."
FeaturedCustomers has 1,811,706+ validated customer references
including reviews, case studies, success stories, customer stories,
testimonials and customer videos that will help you make better
software purchasing decisions.