Salesforce Teams Up With All-Star Hackers at H1-4420

October 30, 2023 HackerOne

“With help from hackers, Salesforce can consistently put its products and systems to the test, as well as boost security throughout the entire software development lifecycle. This live hacking event and the ongoing bug bounty program are crucial to reducing risk and building trust with our customers.”
Andrew Leeth, Senior Director, Security Assurance, Salesforce

45 participating in-person researchers
232 suspected vulnerabilities submitted
$494,500 total awards paid at H1-4420

Salesforce considers live hacking events (LHEs) core to maintaining an industry-leading program. Live hacking events allow the best and brightest security researchers to collaborate in person. Every security researcher who joined Salesforce at H1-4420 added value to the program. By showing Salesforce engineers the methods bad actors could deploy to find exploits, researchers teach the team to account for that methodology during the software development lifecycle, ultimately helping keep Salesforce secure for its customers.

By the end of the event, a few security researchers had gone above and beyond, securing the top awards for H1-4420. Congratulations to our winners!

First Place: 82af5ddffbb795
Vigilante: 82af5ddffbb795
Best Collaboration: Rez0, archangel, spaceraccoon

“Salesforce is a tough program to hack on, so I was excited to take home some big wins at H1-4420. Finding some of the more elusive bugs and helping Salesforce level up its security was very rewarding, and I’m excited to continue to work with Salesforce.”
— 82af5ddffbb795

Developing relationships with hackers is critical to creating success in live hacking events and ongoing bug bounty programs, and the hacker community consistently praises Salesforce as a thoughtful, communicative team. With thousands of programs to hack on, Salesforce’s advocacy for the researcher community continues to make them a researcher favorite.

“Communication with the Salesforce team was one of the best experiences ever. They are friendly and have done an excellent job telling us their next steps when working on reports.”
— corb3nik

Thank you to all the H1-4420 participants for making this live hacking event a rousing success!

To learn more about Salesforce’s H1-4420 successes or inquire about their private bug bounty program, read the blog from Salesforce.
