Salesforce 部落格
為何 Salesforce 在 2021 年付了 280 萬美金給駭客來「駭入」自家產品
雖然聽起來違反直覺,但駭客實際上會協助 Salesforce 保護客戶資料安全。單單 2021 年,Salesforce 已獎勵白帽駭客超過 280 萬「賞金」以協助保護自身系統。
若要進行負責任的披露,請深入瞭解我們的負責任的披露政策。謹代表 Salesforce、我們的客戶及我們的使用者,感謝以下研究人員的貢獻。
傑出研究貢獻
重棒出擊的漏洞賞金黑客
祝賀我們重棒出擊的漏洞賞金黑客 – 漏洞賞金研究人員,在一整年中他們貢獻了向 Salesforce 漏洞賞金計劃報告的五個最嚴重的漏洞。 Salesforce 安全人員投票選出了這一傑出獎項,以表彰這些研究人員維護 Salesforce 的首要價值觀:信任。
2023 年 (截至 3 月)
漏洞賞金研究人員
0xd0m7, analyz3r, anupamas01, bradleyjkemp, d0xing, d3f4u17 , djurado, dz_samir, fozgrkuggs3t, freesec, goldenstone, hafolife, hazimaslam, holybugx, jatindhankhar, juji, kcho, krevetk0, le0w4ng, m0chan, mateuszek, michael1026, micr0mind, mikey96, mooimacow, mrrajputhacker2, naaash, nickslow, none_of_the_above, pesticide, proabiral, realtess, rg0x01, root_kn1f3, rz01, s1ber, svennergr, todayisnew, xpx, yuvraj_dighe
2022
漏洞賞金研究人員
0ang3el, 0x01alka, arneswinnen, d0xing, derision, djurado, dz_samir, edivan, hazimaslam, honoki, inhibitor181, jinOne, krevetk0, m0chan, madinmars, melar_dev, michael1026, nadino, nagli, nbabii, ngocdh, p4fg, proabiral, ramsexy, ras-it, rz01, seifelsallamy, stealthy, svennergr, thecaffeinefix, todayisnew, tolo7010, try_to_hack, wirtha, youstin, zonduu 0xd0m7, 0xelkot, afewgoats, ahmedehane, ajxchapman, ak1t4, akshyyaksl337, amad3u6, amaljacob, amsda, analyz3r, anandpingsafe, andi, andrewrusso, ansariosama, anupamas01, assassin_marcos, avezkhan, avram, bombon, brdoors3, bugra, caffeinefix, cakiki, chermysl, cocoh__23, codermak, comwrg, cyb3rz0n3, cygut, d0nut, d3f4u17, dirtycoder, dkd, dragonjar, egrep ehshahid, en_ahsanali, enzyro, fr4via, fracturedninja, fransrosen, freesecgofunc, h4x0r_dz, hackit0, hafolife, hailstorm1422, hk755a, hoangn14, holybugx, holyfield, homosec, hulk, huyngoc, hx01, ian, ignaciosarobe, imajes, imgnotfound, imnarendrabhati, iqbal_007, isimsiz, juji, kadusantiago, kotko, krynos, lehtu, m7mdharoun, malcolmx, manish_adz, mateuszek, melbadry9 michau, micr0mind, mikey96, mikkocarreon, mitchellwright, mr-hakhak, musab_alharanynaaash, naif_ksa, niraeth, none_of_the_above, not_stoppable, oxbo, pablofacciano, pankaj_kumar, paulcalabro, pesticide, polem4rch, realtess, recon_ninja, renekroka, rg0x01, rijalrojan, roberto99, rreiss, s3rdz0, s_p_q_r, salh4ckr, samlyhin, samux, shaikhyaser, sheikhimmi, sheikhrishad0, simontang, smaul, smitgharat0001, snorlhax sp00ka7x, spaceraccoon, stevenandres, th3g3nt3lman, txt3rob, villagelad, violet, vp40, w--, w2w, xsam, yuvraj_dighezanderziot
獨立研究人員
2021
漏洞賞金研究人員
0ang3el, 4lemon, afewgoats, ahmedehane, ak1t4, ali, amalyoman, amsda, ankitsingh, ansariosama, arneswinnen, asad0x01, ateek, bitsscrambler, bobrov, bubbounty, cdl, d0xing, d4rkm4tter, debsec, discodamone, diskodingo85, djurado, dkd, dz_samir, egrep, erbbysam, g003e, hazimaslam, honoki, hritiksh, indoappsec, inhibitor181, kaktaktoa, kcho, kirtan_patel, kotko, krevetk0, lucio, m0chan, m1s13ksnk, melar_dev, metnew, michael1026, mikee, nadino, nagli, nanwn, ngocdh, niemand_sec, nnez, node1, none_of_the_above, not_stoppable, p4fg, patrik, pnig0s, preben, proabiral, ramsexy, randomdeduction, ras-it, rhynorater, securitybreaker, sergeym, sheikhimmi, shubs, skavans, sml555, smsecurity, spaceraccoon, stuxnite, svennergr, tbehroz, the_arch_angel, todayisnew, tolo7010, try_to_hack, w--, w2w, wirtha, yaworsk, zonduu
獨立研究人員
2019 -2020
0xd0m7, 0xcaptainfreak, 4bg0p, 0ang3elakhilmm, alexeypetrenko, alfazero, alittleninja, amontes, ankitkrdixit, ankitsingh, annunaki, anonym0us_py, anshuman_bh, apox, appsecure_in, arl_rose, arneswinnen, asad0x01_, ashish_r_padelkar, ateek, bejaminkm, bobrov, brdoors3, bubbounty, bugbasher, bughunterboy, c1231665, cdl, charityhackers, charlieeriksen, chernobyl, cmd-0_0, constructor2019, cr4xerbik4sh, cyb1, d0nut, d3n0, dataalchemist, delisyd, derision, dhakal_ananda, dkd, dvl, dz_samir, edoverflow, eelsivart, egrep, erbbysam, fishofprey, foobar7, frozensolid, goravseth, gujjuboy10x00, hack_all_things, hackdev16, harisec, hazimaslam, hdbreaker, httpsonly, indoappsec, inhibitor181, intidc, isecurity, jackds, jahin0x01, jepatel, jllis, jong_jong, jsadler01, kapytein, kasperkarlsson, kazan71p, kcho, khizer47, kusl, lagertha, lfb, linkks, luied1920, m7mdharoun, mantis, mattaustin, metnew, michael1026, mikee, mlitchfield, moshemiz, mr_r0w07, narenp, neema, ngalog, ngocdh, nih8l, none_of_the_above, nullboy, p4fg, paresh_parmar, pcastagnaro_sfdc, pen3t3r, piyushmalik, pnig0s, poutine_hero, prateek_0490, protector47, psaux, pufo, pxh3, quanyang, r0x33d, ramsexy, randbug101, randomdeduction, randomusername, ras-it, redguard, rijalrojan, ris, rubyroobs, rudnkh, ruvlol, rz01, samux, securitybreaker, securitythinker, sergeym, shahmeer-amir, shailesh4594, shepard, silenthunter, skavans, slechjke, smaury, smiegles, smsecurity, sniper302, sp1d3rs, stok, streaak, strukt, sub_super, suhas_gaikwad, sunil_yedla, sysecure, ta8ahi, tahaismail9, techguynoob, todayisnew, tolo7010, tophersmith116, try_to_hack, trying_to_hack, txt3rob, ubepkr, vinothkumar, vp40, vulnh0lic, wh11tew0lf, whitehatter, wirtha, yashrs, yotamc19899, z0mb13, zapprising, zephrfish, zeroflaw, zigoo0, ziot
2017 -2018
Ervin Weber, Priyanshu Sahay, Elamaran V(BHEL Trichy), TechguySarath, Fredrik Almroth, David Dworken, Karim Valiev, Ankit Mittal, Chris Bland, Ruby Nealon <rubyroobs>, Andrew Leonov, Arne Swinnen, Anand Prakash, Guilherme Cesar Leite, Moataz Jemni, Hussain Adnan Hashim, Peter Yaworski, Ben Buechner, Ian Bouchard, Jubaer Al Nazi, Missoum Said, Yaala Abdellah, Samir Hadji, Evgeniy Yakovchuk, Karl Aparece, Hazim Aslam, Daniel Ballinger, Deepak K, Pier-Luc Maltais, Sergey Bobrov, Deepanker Chawla, Ahsankhan, Mohammed Fayez Ahmed Albanna, Elamaran V, Muhammad Khizer Javed, Iordache Cosmin, Muhammad Hassham Nagori, Gujjuboy10x00(Vishal), Osama Ansari, Prakash Sharma, Marius Horatau, Johnny Nipper, Simon Bräuer, TechguySarath, Tomi Koski, Ashish Padelkar, Stanko, SPQR, Sandeep Singh, Jens Müller, Waleed Ezz Eldin (WIBF), SecuNinja, Darshit Varotaria (Krydence Technologies -Trusted Digital Security Ally), Ankit Mittal
2016
Hadji Samir, Char49, Eusebiu Blindu, Peter Yaworski, Abdul Haq Khokhar, Abdul Rehman, Mustafa "strukt" Hasan, Frans Rosén, Yassine ABOUKIR, Raghav Bisht, Nikhil Kumar Srivastava, Jay Patel, Sagar Shah, Stefano Vettorazzi, David Vieira-Kurz (@secalert), Sasi Levi, Sandeep Singh, Artur Czyż, Ajay chavda, Matvejs Mascenko, Max Prietzel, Nightwatch Cybersecurity, jay k patel, Muhammad Hassaan Khan, Stephen Sclafani, Kacper Kwapisz, Seif Elsallamy, Arie Timmerman, Abhinav Karnawat \/ w4rri0r \/, satish bommisetty, Noriaki Iwasaki, harisec, Max Moroz, Dzmitry Lukyanenka, Deepanker Chawla, Nassim Bouali, Jose Luis Zayas Banderas, Teemu Kääriäinen, Issam Rabhi, Vathsa, Abdullah Hussam, psych0tr1a, PsihoZ26, Mustafa Hasan (strukt), Luciano Corsalini, Fizer Khan, Paulos Yibelo, Avram Marius Gabriel, N B Sri Harsha, Mathias Karlsson, Arsiadi Sriyanto, Cîrjă Florinel-Vasile (Quistertow), Darius Petrescu, Tomasz Bojarski, Pranav Hivarekar, Santiago "Mr Hack" López, Muhammad Asim Shahzad, karthickumar (Ramanathapuram), Yasir Altaf Zargar, Nitin Goplani, Hazim Aslam, Nicolas Grégoire, Jigar Thakkar (Akhani), SPQR, Benjamin Kunz Mejri, Jelmer de Hen, Ahmed Aboul-Ela, Arne Swinnen
提醒:請注意,此頁面每年更新一次。自 2021 年起,我們只會表揚向 Salesforce 提交有效報告的研究人員。 懷疑有問題?透過將電子郵件傳送至 security@salesforce.com,與 Salesforce 安全團隊私下分享可疑弱點的完整詳細資料。
