Salesforce’s Bug Bounty Program continues to pay dividends to both Salesforce customers and its network of ethical hackers. Since the program’s inception in 2015, Salesforce has awarded over $18.9 million in bug bounties to its ethical hackers, who have reported nearly 30,600 potential vulnerabilities.
Why it matters: Working closely with ethical hackers through bug bounty programs is one of the most effective ways to get inside the minds of malicious hackers and stay ahead of evolving AI-powered cyber threats. These hackers also test drive Salesforce’s products to uncover potential vulnerabilities before an adversary does, enhancing the security of the entire digital ecosystem.
Go deeper: Salesforce was among the first enterprise companies to launch a bug bounty program, and it continues to serve as one of the most effective and scalable components of the organization’s cybersecurity posture. The reports of potential threats, which range from minor coding errors to cross-cloud vulnerabilities, allow Salesforce to quickly implement necessary patches or fixes.
The Salesforce perspective: “Ethical hackers’ work allows our engineers to address vulnerabilities before they become an issue and contribute to ongoing security improvements. Engaging outstanding ethical hackers enhances our organization’s preventative security measures and overall cyber resilience against an evolving threat landscape tailored to today’s and tomorrow’s reality.” – Lindsey Swartz, Senior Manager, Technical Program Management
Engaging outstanding ethical hackers enhances our organization’s preventative security measures and overall cyber resilience against an evolving threat landscape tailored to today’s and tomorrow’s reality.
Lindsey Swartz, Senior Manager, Technical Program Management, Salesforce
What they’re saying: “Salesforce is known among the ethical hacker community for its engaging bug bounty program and experience. We look forward to the high-quality interactions with the security team to dive deeper into our findings, which not only bolster the security of Salesforce’s own products, but also the entire digital ecosystem.” – Arne Swinnen, an ethical hacker with Salesforce’s Bug Bounty Program
Fast facts:
- In 2023 alone, Salesforce paid over $3 million to its bug bounty network.
- Approximately 650 ethical hackers participated in the program last year, disclosing nearly 4,200 reports of potential vulnerabilities.
- Salesforce has awarded individual bounty payouts as high as $60,000.
- In addition to the discovery of nearly 30,600 potential vulnerabilities since its inception, the program has also helped Salesforce enhance its preventative security efforts by allowing engineers to apply fixes to protect end users before any malicious hackers have a chance to exploit them.
The big picture: Ethical hackers play a pivotal role in fortifying even the highest levels of national security. The White House continues to underscore their significance through initiatives like Biden’s AI Executive Order and the launch of the White House AI Cyber Challenge to make software more secure.
What’s next: Salesforce continues to evolve its Bug Bounty Program to meet the expectations of its growing hacker community, including ways to enhance real-time engagement, offer more gamified researcher experiences, and facilitate faster responses.
Explore further
- Learn more about Salesforce’s Bug Bounty Program
- Hear from one of Salesforce’s top ethical hackers about his bug bounty experience
- Check out Salesforce’s cybersecurity tips and resources here
- Read how AI has become a double-edged sword for cyber security