"If I were to build an internal team to find vulnerabilities on the same scale as HackerOne, it would be very challenging — security salaries aren’t cheap, and it would take a year to ramp up a team fully. Via HackerOne, I can get immediate access to experts who are …

“We plan to increase the size of our bug bounties. I am confident that HackerOne’s community of hackers will continue rising to the challenge.”

"Having a bug bounty program is not an option, it's essential. Scaling internal testing can only go so far, working with the community helps uncover issues we may not have."

“We'll definitely add HackerOne to our security portfolio and leverage hacker-powered security services in the future.”

"We have a strong partnership with HackerOne. Since launching the program in 2020, we've deeply valued their support, which has allowed us to greatly expand our program's scope and impact."

"At TikTok, we always want to be proactive rather than reactive. We aim to shift left, finding bugs at an early stage to ensure the safety of our environment before it goes live."

"Collaboration with HackerOne, in addition to Adobe’s pentests, uncovers unique vulnerabilities while helping Adobe meet customer security expectations. We’re leveraging the HackerOne platform for reporting, ticketing automation, and taking action on further details on vulnerabilities reported."

"Adobe's products are more secure thanks to our security team's collaboration with HackerOne and the security researchers we get to work with."

"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

“Since the HackerOne Triage team is wellcalibrated on our scope, they offload some of the work from our security team, such as report triage, identifying duplicated reports, and scope mismatch. In other words, the HackerOne Triage team acts as an extension to our security team.”

“If you're going into a bush blind, you don't know what's going to happen.”

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”

"The process of manually creating credentials was tedious and time-consuming, and it often ended up in our program lacking valid credentials, especially since many of them expire after a month. This prompted us to create automated scripts and leverage HackerOne’s API to automate the process. This automation was created after …

"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that …

“By enabling all teams that work in cybersecurity to better understand the root causes of real-life examples, we can avoid more issues earlier in the software development lifecycle. The HackerOne workshop helps to educate 100s of Sage employees and strengthen our capabilities and how we respond to situations.”