"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."
"The program has been successful because of the continued contributions from diverse, talented researchers."
“If you're going into a bush blind, you don't know what's going to happen.”
“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, SOC compliance, and internal security needs.”
"The (HackerOne) triage team is like an extension of our own team. Worth every penny."
"We decided that we needed a more diverse group of testers, while still meeting and exceeding compliance standards, which is what led us to HackerOne and the hacker-powered security model."
"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."
"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."
"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being afraid to know what our vulnerabilities are. That’s not okay."
"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and use every tool in our toolbox to remediate or mitigate them."
"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."
"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."
"Our public bug bounty program is as important to the security of our product and company as any other program we run within our Security Team."
"A greater amount of diverse vulnerabilities allows us to identify and improve our SDL more efficiently and to keep learning new trends and approaches about vulnerabilities, new attack vectors, and blind spots."
"The success of the program helped us boost our cybersecurity in a matter of weeks."
FeaturedCustomers has 1,829,652+ validated customer references
including reviews, case studies, success stories, customer stories,
testimonials and customer videos that will help you make better
software purchasing decisions.