The highest amount paid for one bounty was $30,000, but more than 4,700 suspected vulnerabilities were reported to the software company last year, so they had a lot of bounties to hand out. The payments are a heartening example of the ways in which hackers can help shore up an internet ecosystem that faces more and more threats from ransomware or phishing attacks every year.

How it Works

All product and feature changes at Salesforce are tested internally, as you might expect. Once that’s over, though, the updates go through “a trusted network of ethical hackers,” as the company explained in a recent post. This pool of hackers — 118 of them in 2021 — is given access to a sandbox testing environment in order to crash-test the new software. The bug bounty program then rewards those hackers who can locate and disclose security concerns in the new product releases and updates. Needless to say, Salesforce saved far more than it paid in bounties to locate any vulnerabilities in its software. We’ve called their software “the most reputable CRM on the market right now” in our latest review of their customer relationship management software, and they have to maintain that reputation.

Google and Microsoft Pay Millions More

Salesforce can’t touch Google for bug bounties: The search giant paid a total of $8.7 million in bounty rewards during 2021, it said earlier this month, paying 696 researchers in 62 different countries. Google’s highest reward in 2021 was a tidy $157,000, for an Android security issue. While Microsoft hasn’t released its 2021 bounties data yet, the tech corporation did pay $13.6 million in bounties for 2020, with an average of $10,000 and one bounty that was as high as $200,000. Salesforce’s funds aren’t as large, but their program is growing: It launched in 2015 and has awarded more than $12.2 million in total bounties since. A full $9.5 million of that has been awarded since 2019.

Salesforce CRM Stays Secure

The bounty system appears to work. Salesforce CRM is feature-packed and highly secure, even if its ease of use might come with a learning curve. And speaking of Microsoft, their Dynamics CRM is another solid pick, offering strong integration with other Microsoft products your business might be using. We’ve stacked the two services up against each other over here. Salesforce is an attractive option for its low starting cost as well, particularly for CRM-only teams of five users or less. But plenty of other services are worth considering as well, even if they don’t have a bug bounty program working for them. Here’s a quick table of the top options, and we have a page dedicated to Salesforce CRM alternatives as well.
