Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.
Salesforce has been running an invitation-only bug bounty program since 2015, and has received more than 22,200 vulnerability reports to date. Since 2019, the company has handed out $9.5 million in bounty payouts.
Last year alone, the company paid over $2.8 million in bug bounty rewards, after receiving more than 4,700 reports for potential vulnerabilities in its products. For some of these findings, Salesforce paid bug bounty rewards of $30,000.
[READ: Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021]
Salesforce says that its bug bounty program helped it not only better secure its products, but also understand the trends and methods that malicious hackers may employ in attacks.
Looking to ensure that security errors are identified and addressed before products reach the market, Salesforce plans to evolve its bug bounty program to allow ethical hackers to test products earlier in their development cycles.
As part of this approach, the company last year offered higher-than-usual bug bounty rewards for eligible reports on flaws in specific Salesforce products, including the Trailhead Slack App.
Related: Cloudflare Launches Public Bug Bounty Program
Related: U.S. Government Launches ‘Hack DHS’ Bug Bounty Program
Related: GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016

More from Ionut Arghire
- Google Leads $16 Million Investment in Dope.security
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
- CISA, NSA Issue Guidance for IAM Administrators
- Cisco Patches High-Severity Vulnerabilities in IOS Software
- ‘Nexus’ Android Trojan Targets 450 Financial Applications
- ‘Badsecrets’ Open Source Tool Detects Secrets in Many Web Frameworks
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
