"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd party ticketing system integration so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly …

"Being able to have issues retested during the same engagement is a game-changer. That’s something that hasn’t been available in the past because traditionally, you didn’t receive the results of a penetration test until after the engagement was over."

"AI red teaming allows us to explore the possibilities of what attackers might achieve—not just what’s likely. Working with HackerOne has shown us that human ingenuity often outperforms adversarial datasets or AI-generated attacks."

"Hitting $1M in bounties is a badge of honor. It reflects our commitment to valuing the intelligent security researchers who help keep us safe. Bug bounty programs are notoriously difficult to build, but HackerOne’s talented community provides us with the expertise and creativity we need to secure our platform. Our …

“As the world’s first ephemeral messaging platform, our customers unequivocally expect privacy and security from our products. Maintaining these principles to a high bar is vital for our company.”

"Bug bounty programs are an important part of the modern software development lifecycle."

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."

"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being …

"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and …

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."

“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”

"Security is at the core of everything Coinbase does. HackerOne is essential to our ability to build a strong community and safe customers through engaging and rewarding the best ethical security researchers."