HackerOne

What HackerOne Customers Say About the Problems Hackers Solve

Ethical hackers solving security problems

HackerOne’s Security@ Global Tour series of events gives you direct access to some of our top hackers and customers. Delegates have the opportunity to ask any question about both sides of the relationship. 

In this series of blogs, we will learn from bug bounty and pentest customers from a variety of industries how they secured organizational buy-in for their programs, navigate vulnerability remediation conversations with asset owners, share their best practices for engaging with hackers, and measure success.

The Problems Customers Use Ethical Hackers To Solve

Organizations work with ethical hackers to address a range of issues, including knowing unknowns, preventing breaches, meeting regulatory compliance, and helping the security budget.

“We don’t know everything that we have live so it’s a powerful tool to be able to say to the community “tell us what we don’t know.” It’s then my responsibility to find who is responsible for fixing these obscure assets.” 
— Matthew Copperwaite, Senior Cyber Security Engineer, Financial Times

“If I were to build an internal team to find vulnerabilities on the same scale as HackerOne, it would be very challenging — security salaries aren’t cheap, and it would take a year to fully ramp up a team. Via HackerOne, I can get immediate access to experts who are incentivized to find the most impactful vulnerabilities. This flexibility means we haven’t had to compromise company growth for security.”
— Dmitri Lerko, Head of Engineering, loveholidays 

“Our bug bounty is the last line of defense. If we’re getting reports on a product that is live, we know we should have found those issues earlier, so we focus on learning from the report and how to avoid it in the future.”
— Matthew Copperwaite, Senior Cyber Security Engineer, Financial Times

“We tell ourselves that industry certifications and cybersecurity laws can solve security, but when have certifications ever stopped incidents? Hackers are really special; if you want to catch an attacker, you need to think like an attacker, and attackers don’t think about the papers you have. When it comes to real breaches and attacks, I use real vulnerabilities to show impact.” 
— Alexander Korotkov, a CISO from a global SaaS provider

To gain more insights like these firsthand, check out the next stops on the Security@ Global Tour. If you're interested in learning more about the power of ethical hackers for your security program, contact the experts at HackerOne today.

The Ultimate Guide to Managing Ethical and Security Risks in AI

AI Ebook