Balancing speed and security: Personio's bug bounty program enables agile development
The challenge
As a rapidly evolving tech firm, Personio is constantly enhancing its existing security posture. The continuous deployment of new features meant that a more dynamic and responsive method of maintaining security integrity was needed.
The Bug Bounty program starts providing value from day one and can influence internal decisions in the application security program.
Carles Llobet Pons, Senior Security Engineer
The solution
Personio implemented Intigriti's bug bounty program early in their application security program development. This decision allowed Personio to leverage crowdsourced security efforts, ensuring continuous and comprehensive testing of their platform. Intigriti's managed triage team provided invaluable support, handling the constant flow of bug bounty activities and integrating seamlessly with Personio’s existing tools like Jira.
Key features implemented:
The power of the crowd: Engaging a global community of expert security researchers to continuously test and identify vulnerabilities.
Managed triage service: Accurately assessing and prioritizing all findings without overloading Personio’s security team.
Easy integration: Merging Intigriti’s services with existing systems for smooth operation and quick response.
The incredible triage team at Intigriti may not be listed as a feature, but they are certainly our favorite aspect. Numerous times, after assessing a researcher's submission, I've turned to the internal chat with a question, only to discover that the team had already proactively addressed my concerns without me even asking.
Arnau Estebanell Castellví, Lead Security Engineer
The result
The collaboration with Intigriti led to significant improvements in Personio's security posture. Specific achievements included:
Discovery of critical vulnerabilities: Identifying and mitigating risks such as input sanitization issues that could lead to XSS and other vulnerabilities, or misconfigured domains that could lead to subdomain takeover.
Proactive security measures: The insights from the bug bounty program initiated internal projects that not only addressed identified vulnerabilities more quickly, but also improved overall security methodologies and tooling.
Continuous testing assurance: Intigriti’s managed triage team ensured that Personio’s platform was continuously tested by top security researchers, providing confidence in the platform’s security.
Personio
Personio, a top provider of comprehensive HR software, caters to companies with 10 to 2000 employees, supporting over one million users globally. As a rapidly growing scale-up, Personio needed a solid security solution to match its swift development pace and expanding product features.
Industry: Technology
Employees: 2,000+
Customers: 10,000+
"Our security director has a simple rule of thumb. He says $1 spent in bug bounty is between $10 and $100 later - and I completely agree with him."
Ioana Piroska, Visma Security Engineer & Bug Bounty Program Manager