"We aren't the typical organisation running a bug bounty. We are a relatively small company, our attack surface is a bit more constrained than a lot of other services out there. However, we take our customers' security seriously. Especially when it comes to their personal and payment information. So we already try hard to make sure we keep our users safe. We hold regular internal training events to keep up to date on the web security landscape. We are pushing for PCI Level 1 compliance to make sure we have good auditing and system separation. We continuously monitor our web traffic for suspicious behaviour. Still, we felt we could do better. There's only so many of us.
So we are reaching out to the security community via Bugcrowd to get access to that expertise. We want you to keep us honest and help us learn from our mistakes, so we'll be listening to the community to find ways to make testing our systems as easy as possible."
View the whole post here.