Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.

Salesforce has been running an invitation-only bug bounty program since 2015, and has received more than 22,200 vulnerability reports to date. Since 2019, the company has handed out $9.5 million in bounty payouts.

Last year alone, the company paid over $2.8 million in bug bounty rewards, after receiving more than 4,700 reports for potential vulnerabilities in its products. For some of these findings, Salesforce paid bug bounty rewards of $30,000.

[READ: Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021]

Salesforce says that its bug bounty program helped it not only better secure its products, but also understand the trends and methods that malicious hackers may employ in attacks.

Looking to ensure that security errors are identified and addressed before products reach the market, Salesforce plans to evolve its bug bounty program to allow ethical hackers to test products earlier in their development cycles.

As part of this approach, the company last year offered higher-than-usual bug bounty rewards for eligible reports on flaws in specific Salesforce products, including the Trailhead Slack App.

Related: Cloudflare Launches Public Bug Bounty Program

Related: U.S. Government Launches ‘Hack DHS’ Bug Bounty Program

Related: GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016