為何 Salesforce 在 2021 年付了 280 萬美金給駭客來「駭入」自家產品
雖然聽起來違反直覺,但駭客實際上會協助 Salesforce 保護客戶資料安全。單單 2021 年,Salesforce 已獎勵白帽駭客超過 280 萬「賞金」以協助保護自身系統。
傑出安全研究貢獻
2021 年最嚴重的漏洞賞金駭客
恭喜 2021 年最嚴重的漏洞賞金駭客,即在 2021 年 Salesforce 漏洞賞金計劃針對回報的五大最嚴重漏洞做出貢獻的漏洞賞金研究人員。Salesforce 安全性工作人員針對此類傑出獎項進行投票,以表彰上述人員維護 Salesforce 最高價值:信任。
2022 年 (直到三月)
漏洞賞金研究人員
0ang3el, 0x01alka, arneswinnen, d0xing, derision, djurado, dz_samir, edivan, hazimaslam, honoki, inhibitor181, jinOne, krevetk0, m0chan, madinmars, melar_dev, michael1026, nadino, nagli, nbabii, ngocdh, p4fg, proabiral, ramsexy, ras-it, rz01, seifelsallamy, stealthy, svennergr, thecaffeinefix, todayisnew, tolo7010, try_to_hack, wirtha, youstin, zonduu
獨立研究人員
2021
漏洞賞金研究人員
0ang3el, 4lemon, afewgoats, ahmedehane, ak1t4, ali, amalyoman, amsda, ankitsingh, ansariosama, arneswinnen, asad0x01, ateek, bitsscrambler, bobrov, bubbounty, cdl, d0xing, d4rkm4tter, debsec, discodamone, diskodingo85, djurado, dkd, dz_samir, egrep, erbbysam, g003e, hazimaslam, honoki, hritiksh, indoappsec, inhibitor181, kaktaktoa, kcho, kirtan_patel, kotko, krevetk0, lucio, m0chan, m1s13ksnk, melar_dev, metnew, michael1026, mikee, nadino, nagli, nanwn, ngocdh, niemand_sec, nnez, node1, none_of_the_above, not_stoppable, p4fg, patrik, pnig0s, preben, proabiral, ramsexy, randomdeduction, ras-it, rhynorater, securitybreaker, sergeym, sheikhimmi, shubs, skavans, sml555, smsecurity, spaceraccoon, stuxnite, svennergr, tbehroz, the_arch_angel, todayisnew, tolo7010, try_to_hack, w--, w2w, wirtha, yaworsk, zonduu
獨立研究人員
2019 -2020
0xd0m7, 0xcaptainfreak, 4bg0p, 0ang3elakhilmm, alexeypetrenko, alfazero, alittleninja, amontes, ankitkrdixit, ankitsingh, annunaki, anonym0us_py, anshuman_bh, apox, appsecure_in, arl_rose, arneswinnen, asad0x01_, ashish_r_padelkar, ateek, bejaminkm, bobrov, brdoors3, bubbounty, bugbasher, bughunterboy, c1231665, cdl, charityhackers, charlieeriksen, chernobyl, cmd-0_0, constructor2019, cr4xerbik4sh, cyb1, d0nut, d3n0, dataalchemist, delisyd, derision, dhakal_ananda, dkd, dvl, dz_samir, edoverflow, eelsivart, egrep, erbbysam, fishofprey, foobar7, frozensolid, goravseth, gujjuboy10x00, hack_all_things, hackdev16, harisec, hazimaslam, hdbreaker, httpsonly, indoappsec, inhibitor181, intidc, isecurity, jackds, jahin0x01, jepatel, jllis, jong_jong, jsadler01, kapytein, kasperkarlsson, kazan71p, kcho, khizer47, kusl, lagertha, lfb, linkks, luied1920, m7mdharoun, mantis, mattaustin, metnew, michael1026, mikee, mlitchfield, moshemiz, mr_r0w07, narenp, neema, ngalog, ngocdh, nih8l, none_of_the_above, nullboy, p4fg, paresh_parmar, pcastagnaro_sfdc, pen3t3r, piyushmalik, pnig0s, poutine_hero, prateek_0490, protector47, psaux, pufo, pxh3, quanyang, r0x33d, ramsexy, randbug101, randomdeduction, randomusername, ras-it, redguard, rijalrojan, ris, rubyroobs, rudnkh, ruvlol, rz01, samux, securitybreaker, securitythinker, sergeym, shahmeer-amir, shailesh4594, shepard, silenthunter, skavans, slechjke, smaury, smiegles, smsecurity, sniper302, sp1d3rs, stok, streaak, strukt, sub_super, suhas_gaikwad, sunil_yedla, sysecure, ta8ahi, tahaismail9, techguynoob, todayisnew, tolo7010, tophersmith116, try_to_hack, trying_to_hack, txt3rob, ubepkr, vinothkumar, vp40, vulnh0lic, wh11tew0lf, whitehatter, wirtha, yashrs, yotamc19899, z0mb13, zapprising, zephrfish, zeroflaw, zigoo0, ziot
2017 -2018
Ervin Weber、Priyanshu Sahay、Elamaran V(BHEL Trichy)、TechguySarath、Fredrik Almroth、David Dworken、Karim Valiev、Ankit Mittal、Chris Bland、Ruby Nealon <rubyroobs>、Andrew Leonov、Arne Swinnen、Anand Prakash、Guilherme Cesar Leite、Moataz Jemni、Hussain Adnan Hashim、Peter Yaworski、Ben Buechner、Ian Bouchard、Jubaer Al Nazi、Missoum Said、Yaala Abdellah、Samir Hadji、Evgeniy Yakovchuk、Karl Aparece、Hazim Aslam、Daniel Ballinger、Deepak K、Pier-Luc Maltais、Sergey Bobrov、Deepanker Chawla、Ahsankhan、Mohammed Fayez Ahmed Albanna、Elamaran V、Muhammad Khizer Javed、Iordache Cosmin、Muhammad Hassham Nagori、Gujjuboy10x00(Vishal)、Osama Ansari、Prakash Sharma、Marius Horatau、Johnny Nipper、Simon Bräuer、TechguySarath、Tomi Koski、Ashish Padelkar、Stanko、SPQR、Sandeep Singh、Jens Müller、Waleed Ezz Eldin (WIBF)、SecuNinja、Darshit Varotaria (Krydence Technologies -Trusted Digital Security Ally)、Ankit Mittal
2016
Hadji Samir、Char49、Eusebiu Blindu、Peter Yaworski、Abdul Haq Khokhar、Abdul Rehman、Mustafa "strukt" Hasan、Frans Rosén、Yassine ABOUKIR、Raghav Bisht、Nikhil Kumar Srivastava、Jay Patel、Sagar Shah、Stefano Vettorazzi、David Vieira-Kurz (@secalert)、Sasi Levi、Sandeep Singh、Artur Czyż、Ajay chavda、Matvejs Mascenko、Max Prietzel、Nightwatch Cybersecurity、jay k patel、Muhammad Hassaan Khan、Stephen Sclafani、Kacper Kwapisz、Seif Elsallamy、Arie Timmerman、Abhinav Karnawat \/ w4rri0r \/、satish bommisetty、Noriaki Iwasaki、harisec、Max Moroz、Dzmitry Lukyanenka、Deepanker Chawla、Nassim Bouali、Jose Luis Zayas Banderas、Teemu Kääriäinen、Issam Rabhi、Vathsa、Abdullah Hussam、psych0tr1a、PsihoZ26、Mustafa Hasan (strukt)、Luciano Corsalini、Fizer Khan、Paulos Yibelo、Avram Marius Gabriel、N B Sri Harsha、Mathias Karlsson、Arsiadi Sriyanto、Cîrjă Florinel-Vasile (Quistertow)、Darius Petrescu、Tomasz Bojarski、Pranav Hivarekar、Santiago "Mr Hack" López、Muhammad Asim Shahzad、karthickumar (Ramanathapuram)、Yasir Altaf Zargar、Nitin Goplani、Hazim Aslam、Nicolas Grégoire、Jigar Thakkar (Akhani)、SPQR、Benjamin Kunz Mejri、Jelmer de Hen、Ahmed Aboul-Ela、Arne Swinnen
提醒
請注意此頁面將每年進行更新。自 2021 年開始,我們僅認可向 Salesforce 提交有效報告的研究人員。
發現可疑問題嗎?私下向 Salesforce 安全小組提供可疑弱點的完整詳細資料,請傳送電子郵件至 security@salesforce.com。
報告安全性問題
身為居領導地位的軟體即服務和平台即服務提供者,Salesforce 致力於制定保護我們環境和客戶資料的標準。透過報告任何安全性問題與我們合作。