“No one had done this before take a doll, put in a chip, connect to WiFi and hit an API. Our customers immediately saw the importance of that.”
"With a normal pentest, you don’t get vulnerability reports until the engagement is over. That’s not ideal, because it means vulnerabilities go unfixed for longer, and you can’t have issues retested without booking a whole new engagement. HackerOne Pentest solved both of these problems for us, and enabled us to get months worth of value from a single engagement."
"When the same internal teams are testing an application for a long time, they lose that ‘fresh-eye’ perspective that often helps in finding interesting bugs."
“HackerOne’s reputation in the bug bounty market was top notch. Their community lends itself to real-world simulation and removes the bias from working with a more traditional vendor. You get pentesters with different backgrounds and areas of expertise, and HackerOne provided the flexibility and assurance we needed to meet budgeting, SOC compliance, and internal security needs.”
"If our bug bounty program can find at least one critical vulnerability per quarter for two or three quarters in a row, we know the program is worth the money we spend on it."
"In addition to some amazing, creative submissions, we’ve received some incredible feedback from researchers. In just a few short months, we’ve used that feedback to make substantial changes to our scope, payments, and transparency. We want hackers to challenge and educate us, and build a trusting and respectful relationship that goes both ways."
"We believe there is immense value in having a bug bounty program as part of our cybersecurity strategy, and we encourage all companies, not just those in the hospitality industry, to take a similar approach and consider bug bounty as a proactive security initiative."
"The program has been successful because of the continued contributions from diverse, talented researchers."
"HackerOne’s program overview provides deeper visibility into our program health. Our team can identify specific periods where targets are being hit and missed, and course-correct as necessary."
"Using HackerOne saves our security team a large amount of time, but more importantly, it also saves our finance team a lot of trouble. Moving to the HackerOne platform allowed us to automate away all of the financial burdens, which are significant."
"We obviously can’t hire enough engineers to protect against every possible vulnerability, but we can use our bug bounty program to add on-demand expertise where we need it and continuous coverage nearly everywhere else."
"There is a lot of education left to do, both to producers and customers of security-critical code. We hope bug bounty programs becomes an industry-standard, for the sake of security and stability of the entire industry."
"HackerOne has been much more successful at finding problems than general penetration tests have been for us."
"The HackerOne program overview page helps sell the value of having a hacker-powered security program in place. We are able to understand changes in report workload to ensure our team is equipped to meet demand, drill down into key vulnerability trends across our program, and socialize key metrics to our CISO."
"A vulnerability disclosure program with bug bounties signaled LocalTapiola reaching a new level of security sophistication, not only in the financial services arena, but in the wider cyber security world too."
FeaturedCustomers has 1,812,233+ validated customer references
including reviews, case studies, success stories, customer stories,
testimonials and customer videos that will help you make better
software purchasing decisions.