Case Study: Sumo Logic achieves a stronger security posture and compliance with HackerOne

A HackerOne Case Study

Preview of the Sumo Logic Case Study

Sumo Logic Uses Hacker-powered Pen Tests for Security and Compliance

Sumo Logic, a cloud-based log management and analytics provider trusted by customers like Samsung and Adobe, faced a security dilemma: repeated pen tests returned clean results that masked undiscovered risks. Chief Security Officer George Gerchow wanted a more diverse, transparent approach that would meet strict compliance and auditing requirements while proving the company’s security posture.

Sumo Logic ran private, time‑bound HackerOne Challenges beginning in Q4 2017, bringing in external hackers plus auditors and HackerOne managed services to triage reports. In the first 15‑day challenge five hackers found 12 issues missed by prior pen tests; across three challenges 93 hackers reported 30 vulnerabilities (9 high/critical). Rapid remediation — including a patched social‑engineering bug — improved response times, strengthened defenses, and satisfied auditors.



Sumo Logic

George Gerchow

Chief Security Officer

