Salesforce professionals, there’s an exciting update that you should be aware of! Salesforce has just announced the launch of its Bug Bounty program. Here’s a breakdown of the five key areas of this initiative:
1. Program Scope
– Targets critical vulnerabilities.
– Encourages reporting flaws in Salesforce-owned web domains and applications.
– Excludes third-party services and applications integrated with Salesforce.
2. Reward System
– Financial incentives for bug discovery.
– Payouts range from $100 to $10,000 based on severity and quality of the report.
– High-impact bugs could potentially earn more than the maximum payout.
3. Eligibility and Participation
– Open to the global security research community.
– Participants must comply with the program’s terms and conditions.
– Submissions must be new and previously unreported vulnerabilities.
4. Submission Process
– Reports are to be submitted via the Salesforce Security Portal.
– Requires detailed information to reproduce the bug, including steps, criticality assessment, and supporting evidence.
– The Salesforce security team will collaborate with reporters to address the vulnerabilities.
5. Trailhead Series
– Educational content is being provided to support the program.
– Aims to guide participants on responsible disclosure and security best practices.
– Encourages skill development for both new and experienced security researchers.
Stay vigilant and ready to contribute to a more secure Salesforce ecosystem!
You can read it here: https://sfdc.blog/LWZuR
Source: salesforceben(dot)com