Revised Guidelines for Salesforce Product Vulnerability Submissions

What's Changing?

Starting October 1, 2025 we will be transitioning from our current email-based intake system to a new web-based form for submitting product vulnerability reports. This means that instead of sending emails to security@salesforce.com, you will now submit your reports through our dedicated online portal. 

To report all other other security concerns, including phishing attempts and inappropriate content, please visit https://security.salesforce.com/contact.

Why the Change?

This transition to a web-based form is designed to enhance the overall efficiency and effectiveness of our vulnerability management process. Here are the key benefits:

1. Faster Resolution Times: The new portal ensures that all necessary information is captured upfront, reducing delays caused by incomplete initial submissions.

2. Improved Tracking and Analysis: The form allows for better identification and tracking of multiple vulnerabilities within a single report, enabling more accurate and efficient triage and analysis.

What You Need to Do

- Starting October 1, 2025, please begin using the following link to submit your product vulnerability reports: https://www.sfdc.co/SubmitVuln

- The email address security@salesforce.com will continue to accept vulnerability submissions until November 15, 2025, to allow time for customers to adjust their applicable processes

Support and Assistance

We are committed to making this transition as smooth as possible for you. If you have any questions or need assistance with the new portal, please do not hesitate to reach out via the security@salesforce.com email address. 

We appreciate your understanding and cooperation as we make this important change to better serve you. Thank you for your continued partnership with Salesforce.