"Security is not a one-time thing, but a continuous cycle. We know that there are always going to be bugs in software development. As we develop, and as we iterate, we want to make sure security is an active part of that process, and never a roadblock to innovation. The …

“As the world’s first ephemeral messaging platform, our customers unequivocally expect privacy and security from our products. Maintaining these principles to a high bar is vital for our company.”

"At TikTok, we always want to be proactive rather than reactive. We aim to shift left, finding bugs at an early stage to ensure the safety of our environment before it goes live."

"We chose HackerOne as it not only connected us to an existing community of seasoned security researchers but also offered productivity features that automated aspects of the bug bounty triage process."

"We are employing strategies and programs, like our VDP with HackerOne, with the sole purpose of protecting our customers, their vehicles and their data."

"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."

"Using the HackerOne platform helps us cultivate (hacker) relationships and complements the GitLab mission that everyone can contribute."

“Ensuring you’ve established the appropriate staffing levels and support structure are key to success when starting a bug bounty program, This includes security engineers to review, validate and triage the findings who can work across the development groups to test and mitigate.”

“If you're going into a bush blind, you don't know what's going to happen.”

"Our goal was to increase visibility into hidden vulnerabilities and strengthen our overall security posture in a way that complemented our internal efforts."

"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."

"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

"Every organization has blind spots. Having the hacker community on the other side of the screen looking at those things you’ve missed means you can close those holes."

“HackerOne programs are a fundamental part of our cybersecurity strategy.”

“Over time, we’ve established secure development methodologies and quality testing schemes for the release of new components and changes to the platform, including the creation of a specific channel to address hacker reports, which are prioritized and included in the current sprint.”