Case Study: LocalTapiola achieves improved SDLC and a $50,000 maximum bounty with HackerOne

A HackerOne Case Study

Preview of the LocalTapiola Case Study

Towards the $50,000 Bounty: Improving SDLC with Bug Bounties

LocalTapiola set out to strengthen its software development lifecycle and overall security posture by integrating proactive vulnerability discovery into its processes. With executive security leadership recognized externally (their CISO received a national award), the company needed a structured approach to scale vulnerability management and embed privacy-by-design across development.

They adopted a layered "Secure Software Fruit Tree" strategy—launching a vulnerability disclosure program, formalizing secure development and privacy-by-design practices, performing security testing and audits, and investing in training and threat modeling. The program generated 19 bounties in a two‑month span and led LocalTapiola to raise its published maximum bounty to $50,000, the highest on HackerOne.



LocalTapiola

Leo Niemela

Chief Security Officer

