I hope this post doesn't come across as a brag as it's not meant to be, being arrogant about security only ends one way after all...
I published this because I want to be open about how we do these things, because I think we safely can be and it shows that we care and don't just pay lip-service to security
If you'd like to show us up for our security though, please do peek at our HackerOne program. I'm a program admin on it and I'd love to read more interesting reports https://hackerone.com/monzo <3 (I know it doesn't have a paid bounty yet, I'm advocating for it)
it comes off as marketing based on security which is no different than bragging in my opinion. You have a program for dealing with security vulnerabilities - clearly this blog post was to tell people about how good your security is. It's marketing.
I published this because I want to be open about how we do these things, because I think we safely can be and it shows that we care and don't just pay lip-service to security
If you'd like to show us up for our security though, please do peek at our HackerOne program. I'm a program admin on it and I'd love to read more interesting reports https://hackerone.com/monzo <3 (I know it doesn't have a paid bounty yet, I'm advocating for it)