Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Salesforce Paid Out $12.2 Million in Bug Bounty Rewards to Date

Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.

Customer relationship management services provider Salesforce says it has handed out more than $12.2 million in payouts to the ethical hackers who reported vulnerabilities as part of its bug bounty program.

Salesforce has been running an invitation-only bug bounty program since 2015, and has received more than 22,200 vulnerability reports to date. Since 2019, the company has handed out $9.5 million in bounty payouts.

Last year alone, the company paid over $2.8 million in bug bounty rewards, after receiving more than 4,700 reports for potential vulnerabilities in its products. For some of these findings, Salesforce paid bug bounty rewards of $30,000.

[READ: Google Paid Out $8.7 Million in Bug Bounty Rewards in 2021]

Salesforce says that its bug bounty program helped it not only better secure its products, but also understand the trends and methods that malicious hackers may employ in attacks.

Looking to ensure that security errors are identified and addressed before products reach the market, Salesforce plans to evolve its bug bounty program to allow ethical hackers to test products earlier in their development cycles.

As part of this approach, the company last year offered higher-than-usual bug bounty rewards for eligible reports on flaws in specific Salesforce products, including the Trailhead Slack App.

Related: Cloudflare Launches Public Bug Bounty Program

Related: U.S. Government Launches ‘Hack DHS’ Bug Bounty Program

Related: GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.