The continuous aspect of HackerOne is what is very appealing and gives us confidence.
COVER STORY
party companies to come in and test our security and compliance controls. We have our own internal red team that does end-to-end offensive security operations to identify and mitigate issues, but all of this is not enough because we don’t believe we are smarter than the entire community of ethical hackers. Grammarly has a lot of different environments it runs on: a browser extension where you’re writing in the browser; desktop software; web services; an Android keyboard, so considering the multitude of platforms, there is a significant variety of different attack surfaces. I don’t think any single company can have internal expertise that they can claim across all these areas. This was really appealing for us early on because there’s a global community of hackers with all sorts of different expertise and we really benefitted from this.
How did you go above and beyond standard security practices to provide the most secure product possible?
We do a lot of fundamental security practices that other companies do but for us, trust is paramount. There are three pillars of success for us: trust, context and ubiquity. We bring personalised context as someone is writing so that we can provide the best assistance possible for them to drive better business outcomes. We are ubiquitous, providing seamless communication assistance across 500,000+ apps and websites. Lastly, to achieve ubiquity and context, we hold a high bar for trust, privacy and security. We have the highest standards possible, including third-party security scrutiny on a continuous basis.
How did you work with HackerOne to ensure that every new product version is exposed to security researchers, with validation and testing happening around the clock?
With HackerOne, when you put something out there, it’s continuous. The attention is continuous and with security, things often regress – so you will build a control and launch it, it works perfectly at that point in time but the whole product changes. Whatever mitigation you think is there
52 www.intelligentciso.com