HackerOne

Salesforce Teams Up With All-Star Hackers at H1-4420

Ethical hackers at H1-4420 event

As one of the first enterprise organizations to operate a bug bounty program, Salesforce has long understood the power of engaging ethical hacker talent. In June, Salesforce and HackerOne joined 45 of the world’s best ethical hackers in London—and 55 more virtually—for H1-4420, a live hacking event (LHE) dedicated to testing the security of select digital assets as part of its security-first approach to ensuring the safety and protection of its systems and customer data. Watch some highlights in the video below.

 

“With help from hackers, Salesforce can consistently put its products and systems to the test, as well as boost security throughout the entire software development lifecycle. This live hacking event and the ongoing bug bounty program are crucial to reducing risk and building trust with our customers.” 
Andrew Leeth, Senior Director, Security Assurance, Salesforce

 

Salesforce considers LHEs core to maintaining an industry-leading program. Live hacking events allow the best and brightest security researchers to collaborate in person. Every security researcher who joined Salesforce at H1-4420 added value to the program. By showing Salesforce engineers the methods bad actors could deploy to find exploits, researchers educate the team to include that methodology during the software development lifecycle, ultimately helping keep Salesforce secure for its customers. 

By the end of the event, a few security researchers had gone above and beyond, securing the top awards for H1-4420.  Congratulations to our winners!

“Salesforce is a tough program to hack on, so I was excited to take home some big wins at H1-4420. Finding some of the more elusive bugs and helping Salesforce level up its security was very rewarding, and I’m excited to continue to work with Salesforce.” 
— 82af5ddffbb795

Developing relationships with hackers is critical to creating success in live hacking events and ongoing bug bounty programs, and the hacker community consistently praises Salesforce as a thoughtful, communicative team. With thousands of programs to hack on, Salesforce’s advocacy for the researcher community continues to make them a researcher favorite.

“Communication with the Salesforce team was one of the best experiences ever. They are friendly and have done an excellent job telling us their next steps when working on reports.” 
— corb3nik

Thank you to all the H1-4420 participants for making this live hacking event a rousing success!

To learn more about Salesforce’s H1-4420 successes or inquire about their private bug bounty program, read the blog from Salesforce.

The 7th Annual Hacker-Powered Security Report

Hacker-Powered Security Report