Salesforce Security Assessments

Publish Date: Sep 17, 2025

Description

As of January 31, 2023, customers are no longer required to obtain prior approval before performing security assessments for Salesforce products.

All assessments must continue to be performed in accordance with the Security Assessment Agreement but customers may commence testing without notifying Salesforce beforehand.

If your assessment does generate vulnerability findings, please validate automated findings and reference our public documentation related to common false-positive reports here.

If you require a Due Diligence/Security Questionnaire or a third-party risk assessment, Salesforce has a separate process to get this completed.

Note: Do NOT send an email to security@salesforce.com. Please reach out to your account executive or your customer success manager for assistance.

Resolution

We encourage you to submit any remaining validated vulnerability findings to https://security.salesforce.com/contact so our security teams can assist you with resolution.

Please reference the Security Vulnerability Finding Submittal Guide to assist in submitting the needed information.

Knowledge Article Number

000394469

Did this article solve your issue?

Let us know so we can improve!

Salesforce Security Assessments

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List