Salesforce 博客
为什么 Salesforce 在 2021 年向黑客支付 280 万美元以“侵入”其产品
这听起来可能违背常理,但黑客实际上在帮助 Salesforce 保持客户数据安全。仅在 2021 年,Salesforce 就奖励了道德黑客超过 280 万美元的“奖金”,以帮助保护其系统。
要进行负责任的披露,请详细了解我们的负责任的披露政策。我们谨代表 Salesforce、我们的客户和用户,感谢以下研究人员做出的贡献。
非凡的研究贡献
最厉害的漏洞赏金黑客
向我们最厉害的漏洞赏金黑客表示祝贺 – 在 Salesforce 的年度 漏洞 赏金计划中,漏洞 赏金研究人员报告了其中最重要的五个漏洞。Salesforce 安全员工投票选出了这一杰出奖项,以表彰这些研究人员维护 Salesforce 的首要价值观“信任”。
2023年(截至 3 月份)
Bug 赏金研究人员
0xd0m7, analyz3r, anupamas01, bradleyjkemp, d0xing, d3f4u17 , djurado, dz_samir, fozgrkuggs3t, freesec, goldenstone, hafolife, hazimaslam, holybugx, jatindhankhar, juji, kcho, krevetk0, le0w4ng, m0chan, mateuszek, michael1026, micr0mind, mikey96, mooimacow, mrrajputhacker2, naaash, nickslow, none_of_the_above, pesticide, proabiral, realtess, rg0x01, root_kn1f3, rz01, s1ber, svennergr, todayisnew, xpx, yuvraj_dighe
2022
Bug 赏金研究人员
0ang3el, 0x01alka, arneswinnen, d0xing, derision, djurado, dz_samir, edivan, hazimaslam, honoki, inhibitor181, jinOne, krevetk0, m0chan, madinmars, melar_dev, michael1026, nadino, nagli, nbabii, ngocdh, p4fg, proabiral, ramsexy, ras-it, rz01, seifelsallamy, stealthy, svennergr, thecaffeinefix, todayisnew, tolo7010, try_to_hack, wirtha, youstin, zonduu 0xd0m7, 0xelkot, afewgoats, ahmedehane, ajxchapman, ak1t4, akshyyaksl337, amad3u6, amaljacob, amsda, analyz3r, anandpingsafe, andi, andrewrusso, ansariosama, anupamas01, assassin_marcos, avezkhan, avram, bombon, brdoors3, bugra, caffeinefix, cakiki, chermysl, cocoh__23, codermak, comwrg, cyb3rz0n3, cygut, d0nut, d3f4u17, dirtycoder, dkd, dragonjar, egrep ehshahid, en_ahsanali, enzyro, fr4via, fracturedninja, fransrosen, freesecgofunc, h4x0r_dz, hackit0, hafolife, hailstorm1422, hk755a, hoangn14, holybugx, holyfield, homosec, hulk, huyngoc, hx01, ian, ignaciosarobe, imajes, imgnotfound, imnarendrabhati, iqbal_007, isimsiz, juji, kadusantiago, kotko, krynos, lehtu, m7mdharoun, malcolmx, manish_adz, mateuszek, melbadry9 michau, micr0mind, mikey96, mikkocarreon, mitchellwright, mr-hakhak, musab_alharanynaaash, naif_ksa, niraeth, none_of_the_above, not_stoppable, oxbo, pablofacciano, pankaj_kumar, paulcalabro, pesticide, polem4rch, realtess, recon_ninja, renekroka, rg0x01, rijalrojan, roberto99, rreiss, s3rdz0, s_p_q_r, salh4ckr, samlyhin, samux, shaikhyaser, sheikhimmi, sheikhrishad0, simontang, smaul, smitgharat0001, snorlhax sp00ka7x, spaceraccoon, stevenandres, th3g3nt3lman, txt3rob, villagelad, violet, vp40, w--, w2w, xsam, yuvraj_dighezanderziot
独立研究人员
2021
Bug 赏金研究人员
0ang3el, 4lemon, afewgoats, ahmedehane, ak1t4, ali, amalyoman, amsda, ankitsingh, ansariosama, arneswinnen, asad0x01, ateek, bitsscrambler, bobrov, bubbounty, cdl, d0xing, d4rkm4tter, debsec, discodamone, diskodingo85, djurado, dkd, dz_samir, egrep, erbbysam, g003e, hazimaslam, honoki, hritiksh, indoappsec, inhibitor181, kaktaktoa, kcho, kirtan_patel, kotko, krevetk0, lucio, m0chan, m1s13ksnk, melar_dev, metnew, michael1026, mikee, nadino, nagli, nanwn, ngocdh, niemand_sec, nnez, node1, none_of_the_above, not_stoppable, p4fg, patrik, pnig0s, preben, proabiral, ramsexy, randomdeduction, ras-it, rhynorater, securitybreaker, sergeym, sheikhimmi, shubs, skavans, sml555, smsecurity, spaceraccoon, stuxnite, svennergr, tbehroz, the_arch_angel, todayisnew, tolo7010, try_to_hack, w--, w2w, wirtha, yaworsk, zonduu
独立研究人员
2019 -2020
0xd0m7, 0xcaptainfreak, 4bg0p, 0ang3elakhilmm, alexeypetrenko, alfazero, alittleninja, amontes, ankitkrdixit, ankitsingh, annunaki, anonym0us_py, anshuman_bh, apox, appsecure_in, arl_rose, arneswinnen, asad0x01_, ashish_r_padelkar, ateek, bejaminkm, bobrov, brdoors3, bubbounty, bugbasher, bughunterboy, c1231665, cdl, charityhackers, charlieeriksen, chernobyl, cmd-0_0, constructor2019, cr4xerbik4sh, cyb1, d0nut, d3n0, dataalchemist, delisyd, derision, dhakal_ananda, dkd, dvl, dz_samir, edoverflow, eelsivart, egrep, erbbysam, fishofprey, foobar7, frozensolid, goravseth, gujjuboy10x00, hack_all_things, hackdev16, harisec, hazimaslam, hdbreaker, httpsonly, indoappsec, inhibitor181, intidc, isecurity, jackds, jahin0x01, jepatel, jllis, jong_jong, jsadler01, kapytein, kasperkarlsson, kazan71p, kcho, khizer47, kusl, lagertha, lfb, linkks, luied1920, m7mdharoun, mantis, mattaustin, metnew, michael1026, mikee, mlitchfield, moshemiz, mr_r0w07, narenp, neema, ngalog, ngocdh, nih8l, none_of_the_above, nullboy, p4fg, paresh_parmar, pcastagnaro_sfdc, pen3t3r, piyushmalik, pnig0s, poutine_hero, prateek_0490, protector47, psaux, pufo, pxh3, quanyang, r0x33d, ramsexy, randbug101, randomdeduction, randomusername, ras-it, redguard, rijalrojan, ris, rubyroobs, rudnkh, ruvlol, rz01, samux, securitybreaker, securitythinker, sergeym, shahmeer-amir, shailesh4594, shepard, silenthunter, skavans, slechjke, smaury, smiegles, smsecurity, sniper302, sp1d3rs, stok, streaak, strukt, sub_super, suhas_gaikwad, sunil_yedla, sysecure, ta8ahi, tahaismail9, techguynoob, todayisnew, tolo7010, tophersmith116, try_to_hack, trying_to_hack, txt3rob, ubepkr, vinothkumar, vp40, vulnh0lic, wh11tew0lf, whitehatter, wirtha, yashrs, yotamc19899, z0mb13, zapprising, zephrfish, zeroflaw, zigoo0, ziot
2017 -2018
Ervin Weber, Priyanshu Sahay, Elamaran V(BHEL Trichy), TechguySarath, Fredrik Almroth, David Dworken, Karim Valiev, Ankit Mittal, Chris Bland, Ruby Nealon <rubyroobs>, Andrew Leonov, Arne Swinnen, Anand Prakash, Guilherme Cesar Leite, Moataz Jemni, Hussain Adnan Hashim, Peter Yaworski, Ben Buechner, Ian Bouchard, Jubaer Al Nazi, Missoum Said, Yaala Abdellah, Samir Hadji, Evgeniy Yakovchuk, Karl Aparece, Hazim Aslam, Daniel Ballinger, Deepak K, Pier-Luc Maltais, Sergey Bobrov, Deepanker Chawla, Ahsankhan, Mohammed Fayez Ahmed Albanna, Elamaran V, Muhammad Khizer Javed, Iordache Cosmin, Muhammad Hassham Nagori, Gujjuboy10x00(Vishal), Osama Ansari, Prakash Sharma, Marius Horatau, Johnny Nipper, Simon Bräuer, TechguySarath, Tomi Koski, Ashish Padelkar, Stanko, SPQR, Sandeep Singh, Jens Müller, Waleed Ezz Eldin (WIBF), SecuNinja, Darshit Varotaria (Krydence Technologies -Trusted Digital Security Ally), Ankit Mittal
2016
Hadji Samir, Char49, Eusebiu Blindu, Peter Yaworski, Abdul Haq Khokhar, Abdul Rehman, Mustafa "strukt" Hasan, Frans Rosén, Yassine ABOUKIR, Raghav Bisht, Nikhil Kumar Srivastava, Jay Patel, Sagar Shah, Stefano Vettorazzi, David Vieira-Kurz (@secalert), Sasi Levi, Sandeep Singh, Artur Czyż, Ajay chavda, Matvejs Mascenko, Max Prietzel, Nightwatch Cybersecurity, jay k patel, Muhammad Hassaan Khan, Stephen Sclafani, Kacper Kwapisz, Seif Elsallamy, Arie Timmerman, Abhinav Karnawat \/ w4rri0r \/, satish bommisetty, Noriaki Iwasaki, harisec, Max Moroz, Dzmitry Lukyanenka, Deepanker Chawla, Nassim Bouali, Jose Luis Zayas Banderas, Teemu Kääriäinen, Issam Rabhi, Vathsa, Abdullah Hussam, psych0tr1a, PsihoZ26, Mustafa Hasan (strukt), Luciano Corsalini, Fizer Khan, Paulos Yibelo, Avram Marius Gabriel, N B Sri Harsha, Mathias Karlsson, Arsiadi Sriyanto, Cîrjă Florinel-Vasile (Quistertow), Darius Petrescu, Tomasz Bojarski, Pranav Hivarekar, Santiago "Mr Hack" López, Muhammad Asim Shahzad, karthickumar (Ramanathapuram), Yasir Altaf Zargar, Nitin Goplani, Hazim Aslam, Nicolas Grégoire, Jigar Thakkar (Akhani), SPQR, Benjamin Kunz Mejri, Jelmer de Hen, Ahmed Aboul-Ela, Arne Swinnen
提醒: 请注意,此页面每年更新一次。从 2021 年开始,我们将仅承认向 Salesforce 提交有效报告的研究人员。 怀疑有问题?请向 security@salesforce.com 发送电子邮件,向 Salesforce 安全团队私下发送疑似漏洞的完整详细信息。
