79 HackerOne Testimonials

  • “Since the HackerOne Triage team is well-calibrated on our scope, they offload some of the work from our security team, such as report triage, identifying duplicated reports, and scope mismatch. In other words, the HackerOne Triage team acts as an extension to our security team.”

  • "We have a strong partnership with HackerOne. Since launching the program in 2020, we've deeply valued their support, which has allowed us to greatly expand our program's scope and impact."

  • "At TikTok, we always want to be proactive rather than reactive. We aim to shift left, finding bugs at an early stage to ensure the safety of our environment before it goes live."

  • "We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

  • “If you're going into a bush blind, you don't know what's going to happen.”

  • “It's about maintaining trust with our merchants. Entrepreneurs are running their businesses and they don't want to worry about security, so we have to ensure any issue gets addressed. HackerOne provides a return on our investment through its large community of talent and by taking care of administration, vetting researchers …

  • "One of the best ways for us to augment our internal security team is to work with the white hat community. This was a pain before HackerOne but now is significantly easier."

  • "Security is not a one-time thing, but a continuous cycle. We know that there are always going to be bugs in software development. As we develop, and as we iterate, we want to make sure security is an active part of that process, and never a roadblock to innovation. The …

  • "When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."

  • "With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to …

  • "At Qualcomm, the security researchers we have worked with are not motivated by financial gains. Instead, they want to help us make our products more secure in order to protect more people."

  • "We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

  • "A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."

  • "We need to move to a world where all companies providing internet services and devices adhere to a vulnerability disclosure policy."

  • "Security bugs are going to be reported and they’re going to throw a wrench in your plans for the sprint/month/quarter."