“We plan to increase the size of our bug bounties. I am confident that HackerOne’s community of hackers will continue rising to the challenge.”

"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."

"The (HackerOne) triage team is like an extension of our own team. Worth every penny."

“By enabling all teams that work in cybersecurity to better understand the root causes of real-life examples, we can avoid more issues earlier in the software development lifecycle. The HackerOne workshop helps to educate 100s of Sage employees and strengthen our capabilities and how we respond to situations.”

"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”

"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."

"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."

"The process of manually creating credentials was tedious and time-consuming, and it often ended up in our program lacking valid credentials, especially since many of them expire after a month. This prompted us to create automated scripts and leverage HackerOne’s API to automate the process. This automation was created after …

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."

“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”

"The program overview delivers contextual data across our vulnerability life cycle, allowing us to view trends and patterns over time so we can identify gaps and optimize our program."

“The third party inspection of code adds a layer of confidence to ownCloud’s over 8M users and administrators. Enterprises know their deployment has undergone the rigors of ownCloud QA, their own testing, and the bounty-driven testing of security experts resulting in more secure file sharing for many environments.”

"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."