Trust has always been one of Salesforce’s core values, and it is incredibly important in the world of enterprise cloud computing. It was even more relevant back in 1999 when Salesforce was founded. Imagine trying to convince clients to leave behind their on-premises systems and trust some random database in the cloud.
To further protect their customers, Salesforce has a bug bounty program that pays out millions to ‘ethical hackers’ when they find a flaw or are able to break into a Salesforce product.
Salesforce Bug Bounty Program
Launched in 2015, the Salesforce bug bounty program was one of the first to be introduced by an enterprise organization. Since launching, Salesforce has awarded over $12.2 million in total bounties, including $9.5 million since 2019, with $2.8 million paid out in 2021.
Salesforce has partnered with HackerOne, a platform that works with enterprise software companies and the hacker community to surface the most relevant security issues before they can be exploited by criminals.
HackerOne is not only able to surface security issues, but also to help facilitate a dialogue between the hacker community and Salesforce. This ensures that issues are not only found, but also that Salesforce can understand how the hacker mindset works.
“Being able to understand the methods the hackers use to find vulnerabilities allows me to employ the same methods to better secure our software” – Anup Ghatage, Salesforce Software Engineer
Salesforce has also been ramping up its incentives. Back in 2021, before the Trailhead Slack App launched at Dreamforce, Salesforce offered bonuses, which were multiplied if issues were found.
Become a Bounty Hunter
Salesforce is looking to advance its bounty program, partnering with more ethical hackers to ensure its platform is completely secure. To find out more about participation in the invitation-only bug bounty program, contact security@salesforce.com.