Customer Success Story

Change.org Brings in Dev-First Security Solutions to Improve Security Posture

By integrating StackHawk and Snyk, Change.org built a scalable, standardized approach to application security—enabling developers to identify and fix vulnerabilities early, safeguard user data, and maintain trust at global scale.

Fewer Vulnerabilities

Faster Remediation

User Protection

Use Case

Formalize their security process

Industry

Nonprofit-Owned Public Benefit Corporation

Company

Change.org

Location

San Francisco, USA

Change.org recognized the need to formalize its security processes. Prior to this, individual engineers were handling security in isolation, leading to inconsistencies in scanning and addressing vulnerabilities. The team needed a way to improve their security posture and effectively protect their platform and users at scale. This lack of standardization prompted Change.org’s security team to seek effective partners. Enter Snyk and StackHawk.

Having tools like Snyk and StackHawk that align with Change.org’s rapid development and deployment ethos is crucial for maintaining the trust of users.

Will Whittake, Principal Security Engineer

The Problem

As a software company operating primarily as a website, Change.org’s core is its code. Insecure or vulnerable code poses significant risks, especially when dealing with critical petitions and the sensitive data of millions of daily users. Addressing this challenge became a top priority for the security team.

The Solution

Change.org, hosted on AWS, integrated Snyk’s Static Application Security Testing (SAST) with StackHawk’s Dynamic Application Security Testing solution. Change.org can now seamlessly test code for security issues prior to deployment, enabling engineers to “shift left” by finding and fixing vulnerabilities before they reach production and improving operational efficiency.

The Results

Vulnerabilities have decreased, empowering the security team to swiftly identify and remediate issues. This not only protects the platform but also safeguards the millions of users who trust Change.org with their data and impactful petitions.

Choosing a Solution

The integration of Snyk and StackHawk has proven invaluable for Change.org. Previously lacking standardization in security practices, the adoption of these solutions improves the team’s security posture and gives the Change.org security team the ability to effectively protect their platform and users at scale. This transformation not only significantly reduced the number of vulnerabilities across the website and backend but also bolstered protection for Change.org’s millions of daily users. With sensitive user data and impactful petitions at stake, ensuring robust security measures is paramount.

Experience with StackHawk

Moving forward, Change.org remains committed to leveraging Snyk and StackHawk’s offerings. Actively participating in beta testing and collaborating on product enhancements, Change.org recognizes the symbiotic nature of this partnership. By contributing to the improvement of Snyk and StackHawk’s solutions, Change.org simultaneously strengthens its own security posture. Change.org views this collaboration as an extension of their capabilities, fostering a mutually beneficial relationship for all parties involved.

Now we have a formalized process for how to scan and how to remediate, and not only have we drastically cut down on the amount of vulnerabilities on our website and on the backend, we’ve been able to partner with our engineers for faster fixes, which then protects the people who use Change.org.

Mike Bogdan, Senior Manager Information Security
