Case Study: Salesforce achieves stronger customer data protection with HackerOne's bug bounty program

A HackerOne Case Study

Preview of the Salesforce Case Study

Salesforce Uses Bug Bounties to Protect Customer Data

Salesforce, the enterprise cloud software pioneer, needed to keep customer data secure and maintain trust as organizations moved sensitive information into the cloud. Convincing skeptical customers and protecting vast amounts of remote data was a core challenge for its security program.

Salesforce partnered with HackerOne to run a hacker-powered bug bounty program that crowdsources testing, rewards responsible disclosure, and uses a dedicated triage team and a VIP researcher program. Over three years the program accepted more than 3,200 valid reports from 1,200+ researchers, paid an average bounty of $850 (highest $15,000), achieved average response times under five hours, and drove 51% of 2017 security bug reports and over 90% of externally reported issues that year.



Salesforce

Vinayendra Nataraja

Senior Product Security Engineer

