Salesforce announced this week that it rewarded ethical hackers with more than $2.8 million in bounties for finding vulnerabilities throughout 2021.
More than 4,700 reports on suspected vulnerabilities were submitted to Salesforce last year and the highest bounty paid was $30,000.
Since launching its bug bounty program in 2015, Salesforce has paid out about $12.2 million in total and accepted about 22,200 reports. More than $9.5 million of that has come since 2019, according to Salesforce data.
Salesforce software engineer Anup Ghatage said engineering teams use data from the bug bounty program “to better understand the tendencies and methodologies of malicious hackers.”
“Being able to understand the methods the hackers use to find vulnerabilities allows me to employ the same methods to better secure our software,” Ghatage said.
Salesforce explained that once products and features have been tested internally, ethical hackers are invited to test their security controls in sandbox environments before general release.
As an example, Salesforce said the Trailhead Slack App was offered as a bounty promotion in August, before its release in September. One hacker who participated in the program, Inhibitor181, said he moved into ethical hacking after working as a developer.
“Not only is it more stimulating and less monotonous to use my