"Hitting $1M in bounties is a badge of honor. It reflects our commitment to valuing the intelligent security researchers who help keep us safe. Bug bounty programs are notoriously difficult to build, but HackerOne’s talented community provides us with the expertise and creativity we need to secure our platform. Our …

“HackerOne programs are a fundamental part of our cybersecurity strategy.”

"One of the best ways for us to augment our internal security team is to work with the white hat community. This was a pain before HackerOne but now is significantly easier."

"We have an industry-leading vulnerability disclosure program that protects ethical researchers and partnered with HackerOne to include sensitive vendors in the scope of our bug bounty program to help protect our entire ecosystem. Our hope is that bug bounty programs like ours continue to spearhead a culture of collaboration and …

"Hai gives us actionable suggestions that have eliminated busy work, so we can complete tasks faster and think strategically about continuously improving our overall cybersecurity posture."

"We tried pen testing before and found it very expensive and practically useless. The first week we launched HackerOne they found several high priority bugs. Huge value at the fraction of the costs."

"We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn't fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer."

"We know for a fact that sending a wide variety of hackers into a wide environment will result in something meaningful. It is a fact. We cannot hire every amazing hacker and have them come work for us, but we can do these crowdsourced bug bounties. I’m done with being …

"The ideal end-state is that bug bounties become a regular, common tool in securing all IT assets across the Department of Defense. We will always have security vulnerabilities. We can approach that reality one of two ways: we can deny it, or we can be proactive, open to it and …

"We need to move to a world. Where all companies providing internet services and devices adhere to a vulnerability disclosure policy."

“By enabling all teams that work in cybersecurity to better understand the root causes of real-life examples, we can avoid more issues earlier in the software development lifecycle. The HackerOne workshop helps to educate 100s of Sage employees and strengthen our capabilities and how we respond to situations.”

"The (HackerOne) triage team is like an extension of our own team. Worth every penny."

"We’ve received a lot of guidance (on working with hackers) from HackerOne and it's been a great experience."

"The flexibility of the platform and depth of the HackerOne community has made it a perfect fit for GoodRx."

“We want to see a world where a launch means something regarding security. Buyers banding together to require minimum mandatory bug bounties would send a signal to new companies that they have to secure their users before they can make a sale.”