To make a responsible disclosure, learn more about our Responsible Disclosure Policy. On behalf of Salesforce, our customers, and our users, we would like to thank the following researchers for their contributions.
Congratulations to our Hardest Hitting Bug Bounty Hackers–the Bug Bounty Researchers who contributed the five most critical vulnerabilities of those reported to Salesforce’s Bug Bounty Program throughout the year. Salesforce Security Staff voted upon this distinguished award to recognize these researchers for upholding Salesforce’s #1 value, Trust.
try_to_hack, g4mb4, micr0mind, d0xing, luckz, mmdz, 0x4m, honoki, d0nut, bugtriage-locke, gammarex, d3f4u17, amalyoman, holybugx, sim4n6, securitythinker, arneswinnen, damian89, val_brux, analyz3r, naaash, djurado, todayisnew, zeb0x01, yuvraj_dighe, hazimaslam, snorlhax, rg0x01, savik, none_of_the_above, juji, mateuszek, testingforbugs, youstin, fr4via, sumgr0, hafolife, lm_davidcburke, bustinjieber, foorw1nner, jin0ne, m0chan, protoneko, me9187, k57447, sachin_kr, afewgoats, ozgur, luqii, tolo7010, iqimpz, svennergr, w-, exploitmsf, kjsman, theokeen, c4rrilat0rr, zhongquanli, 0xdln, ngocdh, imgnotfound, 3th1c_yuk1, lowtechnaut, r3veal, darkdream, f6x, pesticide, jdchbdxmz, brdoors3, s3rdz0, pt200, 0xd0m7, lammy, mclaren650sspider, p4fg, daniel_v, mikey96, jaleel_khan_98, andrewrusso, indoappsec, mxnd, bonsoird, inhibitor181, arsene_lupin, hx01, jackds , shubs, nbabii, godiego, encryptsaan123, krevetk0, cache-money, alittleninja, imnarendrabhati, egrep, ibruteforce, rez0, ryotak, corb3nik, 82af5ddffbb795, archangel, spaceraccoon, rhynorater, gemini, corraldev, adi-agrawal, mooimacow, kcho, sowhatsec, dz_samir, dkd, ajxchapman, tess, proabiral, krynos, huyngoc, zhutyra, th3g3nt3lman, lukeberner, tuukkeli, segfo, akshyy, batee5a, ansariosama, renekroka, xsam, securify-bv, moti-h, bagipro, zere, 0xwise, anupamas01, thajeztah, o-siman, mheranco, 0x777, super-cert2, ian, norwegianwood, m4ll0k, pablofacciano, daik0n, hulk, jesus_pwn3d_u, gaurav-bhatia, goldenstone, le0w4ng, michael1026, bradleyjkemp, guyinhsv, mrrajputhacker2, freesec, s1ber, rz01, nickslow, hipotermia, jatindhankhar, fozgrkuggs3t, jusertestedd
Ervin Weber, Priyanshu Sahay, Elamaran V(BHEL Trichy), TechguySarath, Fredrik Almroth, David Dworken, Karim Valiev, Ankit Mittal, Chris Bland, Ruby Nealon <rubyroobs>, Andrew Leonov, Arne Swinnen, Anand Prakash, Guilherme Cesar Leite, Moataz Jemni, Hussain Adnan Hashim, Peter Yaworski, Ben Buechner, Ian Bouchard, Jubaer Al Nazi, Missoum Said, Yaala Abdellah, Samir Hadji, Evgeniy Yakovchuk, Karl Aparece, Hazim Aslam, Daniel Ballinger, Deepak K, Pier-Luc Maltais, Sergey Bobrov, Deepanker Chawla, Ahsankhan, Mohammed Fayez Ahmed Albanna, Elamaran V, Muhammad Khizer Javed, Iordache Cosmin, Muhammad Hassham Nagori, Gujjuboy10x00(Vishal), Osama Ansari, Prakash Sharma, Marius Horatau, Johnny Nipper, Simon Bräuer, TechguySarath, Tomi Koski, Ashish Padelkar, Stanko, SPQR, Sandeep Singh, Jens Müller, Waleed Ezz Eldin (WIBF), SecuNinja, Darshit Varotaria (Krydence Technologies -Trusted Digital Security Ally), Ankit Mittal
Hadji Samir, Char49, Eusebiu Blindu, Peter Yaworski, Abdul Haq Khokhar, Abdul Rehman, Mustafa "strukt" Hasan, Frans Rosén, Yassine ABOUKIR, Raghav Bisht, Nikhil Kumar Srivastava, Jay Patel, Sagar Shah, Stefano Vettorazzi, David Vieira-Kurz (@secalert), Sasi Levi, Sandeep Singh, Artur Czyż, Ajay chavda, Matvejs Mascenko, Max Prietzel, Nightwatch Cybersecurity, jay k patel, Muhammad Hassaan Khan, Stephen Sclafani, Kacper Kwapisz, Seif Elsallamy, Arie Timmerman, Abhinav Karnawat \/ w4rri0r \/, satish bommisetty, Noriaki Iwasaki, harisec, Max Moroz, Dzmitry Lukyanenka, Deepanker Chawla, Nassim Bouali, Jose Luis Zayas Banderas, Teemu Kääriäinen, Issam Rabhi, Vathsa, Abdullah Hussam, psych0tr1a, PsihoZ26, Mustafa Hasan (strukt), Luciano Corsalini, Fizer Khan, Paulos Yibelo, Avram Marius Gabriel, N B Sri Harsha, Mathias Karlsson, Arsiadi Sriyanto, Cîrjă Florinel-Vasile (Quistertow), Darius Petrescu, Tomasz Bojarski, Pranav Hivarekar, Santiago "Mr Hack" López, Muhammad Asim Shahzad, karthickumar (Ramanathapuram), Yasir Altaf Zargar, Nitin Goplani, Hazim Aslam, Nicolas Grégoire, Jigar Thakkar (Akhani), SPQR, Benjamin Kunz Mejri, Jelmer de Hen, Ahmed Aboul-Ela, Arne Swinnen
Reminder: Please note that this page is updated annually. Starting in 2021, we will solely be recognizing researchers who submit valid reports to Salesforce. Suspect an issue? Privately share full details of the suspected vulnerability with the Salesforce Security team by emailing security@salesforce.com.
It may sound counterintuitive, but hackers actually help Salesforce keep customer data secure. Salesforce's Bug Bounty Program has awarded over $18.9 million in bug bounties to its ethical hackers, who have reported nearly 30,600 potential vulnerabilities.
