COVER STORY
GRAMMARLY EXCEEDS CUSTOMER EXPECTATIONS WITH HACKER-POWERED SECURITY
As the world’s leading AI communication assistant serving more than 30 million people and 50,000 teams daily, Grammarly’s top priority is to ensure the data its customers trust it with remains secure and private. To strengthen that trust and guarantee that every new product version is exposed to security researchers, with validation and testing happening around the clock, Grammarly turned to cybersecurity company HackerOne. Suha Can, CISO of Grammarly, dives deeper into how the company went above and beyond standard security practices to provide the most secure and private product possible, and Alex Rice, Co-founder & CTO, HackerOne, offers his input into how it worked with Grammarly to improve the company’s security strategy.

In mid-2017, Grammarly was in the early stages of accelerated growth. To ensure robust security as it scaled, it wanted to understand where there might be existing and potential gaps in its security. The organisation was also eager to give its users additional assurance that its product was secure.
The idea to implement a bug bounty program was introduced by Grammarly’s engineering team and supported by executive leaders as a top priority. Grammarly launched a private bug bounty program with HackerOne Bounty in September 2017. It knew ongoing collaboration with a talented group of security researchers would lead to a better, more secure product. The Grammarly team worked with HackerOne to define program policies, scope and best practices for reporting metrics, bounty rewards and response SLAs. HackerOne also assisted Grammarly in planning the long-term hacker-powered security program, which would ultimately include a public HackerOne Bounty program and HackerOne Pentests. The result was a successful bug bounty program supported by healthy performance and engagement metrics. The private bug bounty program showed a quick return on investment, and early findings resulted in systematic changes across all production environments to ensure end-to-end protection.
Suha Can, CISO of Grammarly, tells us more about how the organisation achieved what it set out to.
Can you give an overview of what it is that Grammarly does and how you remain the world’s leading writing assistant?
Grammarly is an innovative AI company and it’s all about enabling people to compose, revise and comprehend what they’re writing, wherever they’re writing. Privacy is at the centre of all our offerings. We have individuals using Grammarly to write, we also have businesses leveraging Grammarly within their workflows to increase their productivity, to be more on-brand with their tone and overall to improve their communications. Our mission is improving lives by improving communication.
What did you set out to achieve ahead of your collaboration with HackerOne and what were your strategic priorities?
The main starting point for us was that we wanted to know what we didn’t know and this led us to HackerOne. We use third