Friday, January 10, 2014

Sales Force - Vulnerability

[Closed, Vulnerabilities disclosed publicly]

Target Audience – Customers of SalesForce
SalesForce, a subsidiary of Force, encourages security researchers to come forward and report bugs in its websites while adhering to its responsible disclosure policy.
But they offer no reward and no compensation for bug reporting. No hall of fame either. This creates disinterest among researchers and discourages them from reporting bugs; hence some sell them to hackers and some post them publicly.
As a customer of SalesForce, you should be aware that all your data online is not safe. I have found a cross-site scripting (XSS) bug in multiple of their subdomains and the BREACH attack.
I don’t want anyone to exploit these bugs, hence I will report to them after public disclosure. Either way, they will get the bug details.
