Why Salesforce Has Spent $18.9M on Ethical Hackers

By Thomas Morgan

In an innovative step towards cyber-protection, Salesforce’s Bug Bounty Program continues to highlight system vulnerabilities and fend off potential hackers and cybercriminals. The program is made up of highly skilled ethical hackers who find weaknesses in servers, uncover potential security vulnerabilities, and give a clear idea of where to tighten infrastructure. 

With the high volume of customer information stored in Salesforce, the work of the Bug Bounty Program is vital to protecting data. As with any bounty, there’s a price…

The Statistics

Since the program's inception in 2015, Salesforce has awarded over $18.9 million in bug bounties to this network of ethical hackers. The program has discovered nearly 30,600 potential vulnerabilities during this time, allowing Salesforce to quickly implement patches and fixes to stop weaknesses from being exploited.

Here are a few interesting facts about the program:

  • In 2023 alone, Salesforce paid over $3 million to its bug bounty network. 
  • Approximately 650 ethical hackers participated in the program last year, submitting nearly 4,200 reports of potential vulnerabilities.
  • Salesforce has awarded individual bounty payouts as high as $60,000. 
  • In addition to the discovery of over 30 thousand potential vulnerabilities, the program has helped Salesforce enhance preventative security measures by allowing engineers to apply fixes to protect end users before malicious hackers have a chance to exploit them. 

Salesforce’s Bug Bounty Program has proven to be a valuable asset, not only for detecting vulnerabilities, but also for strengthening the company’s external security. By analyzing data from the program, Salesforce’s engineering teams can gain valuable insights into potential tactics and techniques used by malicious hackers, allowing them to build more robust defenses and stay one step ahead of potential threats, including those powered by AI.

Why Hack for Good?

It’s understandable if you have negative ideas about what a hacker is. Ethical hackers, however, use their knowledge and power for good by helping multiple large-scale companies protect their information in exchange for payment. 

Giving millions of people peace of mind that their data is protected is a big part of why many bug bounty hunters do what they do.

“I appreciate the technical and intellectual challenges inherent to bug bounty hunting. It’s encouraging to know that my work and discoveries could help prevent a breach or tech issues that could negatively affect millions of users. It adds a whole new dimension to the impact of my efforts – it’s not about a paycheck, but a purpose.” Arne Swinnen, Bug Bounty Hunter


Salesforce continues to evolve its Bug Bounty Program to meet the expectations of its growing hacker community; the initiative is enhancing real-time engagement, offering more gamified researcher experiences, and facilitating faster responses. Surely there will be few qualms over future investment.

The Author

Thomas Morgan

Thomas is a Content Editor at Salesforce Ben.
