Balancing speed and security: Personio's bug bounty program enables agile development

The challenge

As a rapidly evolving tech firm, Personio is constantly enhancing its existing security posture. With new features being deployed continuously, a more dynamic and responsive way of maintaining security integrity was needed.

The Bug Bounty program starts providing value from day one and can influence internal decisions in the application security program.

Carles Llobet Pons

SENIOR SECURITY ENGINEER

The solution

Personio implemented Intigriti's bug bounty program early in their application security program development. This decision allowed Personio to leverage crowdsourced security efforts, ensuring continuous and comprehensive testing of their platform. Intigriti's managed triage team provided invaluable support, handling the constant flow of bug bounty activities and integrating seamlessly with Personio’s existing tools like Jira. 

Key features implemented: 

  • The power of the crowd: Engaging a global community of expert security researchers to continuously test and identify vulnerabilities.

  • Managed triage service: Accurately assessing and prioritizing all findings without overloading Personio’s security team.

  • Easy integration: Merging Intigriti’s services with existing systems for smooth operation and quick response.

The incredible triage team at Intigriti may not be listed as a feature, but they are certainly our favorite aspect. Numerous times, after assessing a researcher's submission, I've turned to the internal chat with a question, only to discover that the team had already proactively addressed my concerns without me even asking.

Arnau Estebanell Castellví

Lead Security Engineer

The result

The collaboration with Intigriti led to significant improvements in Personio's security posture. Specific achievements included:

  • Discovery of critical vulnerabilities: Identifying and mitigating risks such as input sanitization issues that could lead to cross-site scripting (XSS) and related injection flaws, and misconfigured domain records, such as DNS entries still pointing at deprovisioned services, that could lead to subdomain takeover.

  • Proactive security measures: The insights from the bug bounty program initiated internal projects that not only addressed identified vulnerabilities quicker, but also improved overall security methodologies and tooling.

  • Continuous testing assurance: Intigriti’s researcher community, backed by its managed triage team, ensured that Personio’s platform was continuously tested by top security researchers, providing confidence in the platform’s security.


Personio

Personio, a top provider of comprehensive HR software, caters to companies with 10 to 2,000 employees, supporting over one million users globally. As a rapidly growing scale-up, Personio needed a solid security solution to match its swift development pace and expanding product features.

Industry

Technology

Employees

2,000+

Customers

10,000+



"Our security director has a simple rule of thumb. He says $1 spent in bug bounty is between $10 and $100 later - and I completely agree with him."

Ioana Piroska,
Visma Security Engineer & Bug Bounty Program Manager