Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.

Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.

Salesforce has been running an invitation-only bug bounty program since 2015, and has received more than 22,200 vulnerability reports to date. Since 2019, the company has handed out $9.5 million in bounty payouts.

Last year alone, the company paid over $2.8 million in bug bounty rewards, after receiving more than 4,700 reports for potential vulnerabilities in its products. For some of these findings, Salesforce paid bug bounty rewards of $30,000.

[READ: Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021]

Salesforce says that its bug bounty program helped it not only better secure its products, but also understand the trends and methods that malicious hackers may employ in attacks.

Looking to ensure that security errors are identified and addressed before products reach the market, Salesforce plans to evolve its bug bounty program to allow ethical hackers to test products earlier in their development cycles.

As part of this approach, the company last year offered higher-than-usual bug bounty rewards for eligible reports on flaws in specific Salesforce products, including the Trailhead Slack App.

Related: Cloudflare Launches Public Bug Bounty Program

Related: U.S. Government Launches ‘Hack DHS’ Bug Bounty Program

Related: GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Vulnerabilities

GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet