Spotify has 232M active monthly users, more than 50 million music tracks and 450,000 podcast titles. Oh yes, and a “Priority 0” policy when it comes to security which has seen $120,000 being paid to hackers. Before moving to the HackerOne bug bounty platform in May 2017, Spotify relied upon emails to a “security” mailbox or personal contacts of the Spotify security team to find out about vulnerabilities. Unsurprisingly, it didn’t receive a massive number of reports this way and managing them by hand wasn’t going to scale. Since then, however, things have changed.