Vulnerability Management and Response Plan Summary

This document serves as the public version of the Salesforce Vulnerability Management and Response plan, which is part of our overall vulnerability management program. The plan applies to all security vulnerabilities that occur across Salesforce services and within Salesforce developed products. Salesforce defines a security vulnerability as any unintended capability within our product offerings and services that can adversely affect the confidentiality, integrity, or availability of any Salesforce computing service or the data of our customers.

Files

Available versions for download

Reporting Start Date	Reporting End Date	Notes	Actions
2025-01-02	-	-	Login to download

Services covered

Services related to this document

Agentforce & Einstein Platform

Applicable to the services and features branded as: Agentforce (collectively, “Agentforce”) which

B2C Commerce / Commerce Cloud (First Party)

Applicable to the services branded as B2C Commerce/Commerce Cloud on First Party Data Centers

B2C Commerce / Commerce Cloud (Hyperforce)

Applicable to the services branded as B2C Commerce/Commerce Cloud on Hyperforce

Data Cloud

Applicable to the services branded as Data Cloud, Customer Data Cloud (aka Salesforce Data Cloud), o

General (not service specific)

Applicable to Salesforce as an entity without the context of a specific service (Corporate Services)

Heroku

Applicable to the services branded as Heroku.

Marketing Cloud - Account Engagement

Applicable to the services branded as Marketing Cloud Account Engagement (formerly branded as Pardot

Marketing Cloud - Advertising

Applicable to the services branded as Marketing Cloud - Advertising

Marketing Cloud - Engagement (First Party)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Engagement (Hyperforce)

Applicable to the services branded as Marketing Cloud - Engagement

Marketing Cloud - Growth

Applicable to the services branded as Marketing Cloud - Growth

Marketing Cloud - Intelligence

Applicable to the services branded as Marketing Cloud - Intelligence

Marketing Cloud - Personalization

Applicable to the services branded as Marketing Cloud - Personalization

MuleSoft

Applicable to the services branded as MuleSoft or the Anypoint Platform (MuleSoft Services).

MuleSoft Government Cloud

Applicable only to the services branded as MuleSoft Government Cloud. The MuleSoft Government Cloud

Own by Salesforce

Applicable to the services branded as Own by Salesforce (formerly known as OwnCompany Inc.) which in

Quip

Applicable to the services branded as Quip

Sales Enablement

Applicable to the services branded as Sales Enablement (formerly branded as myTrailhead)

Salesforce Government Cloud Plus

Please note that some documents listed below are specific to FedRAMP-authorized environments and the

Salesforce Government Cloud Plus - Defense

Applicable only to the environment branded and sold as Government Cloud Plus - Defense Government C

Salesforce Professional Services

Applicable to professional services performed by SFDC, its Affiliates, or its or their respective pe

Salesforce Services (First Party)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter,

Salesforce Services (Hyperforce)

Applicable to the core salesforce services branded as B2B Commerce on Lightning Experience, Chatter,

Slack

Applicable to the services branded as Slack.

Slack (GovSlack)

Applicable only to the environment branded and sold as GovSlack. GovSlack is a dedicated instance

Tableau Cloud

Applicable to the services branded as Tableau Cloud