This document is a public version of the formal Salesforce Vulnerability Management and Response Plans which, due to the exceptionally sensitive nature of its contents, may not be shared with external parties. This plan applies to all application security vulnerabilities occurring within Salesforce developed products. Salesforce defines an application security vulnerability as any unintended capability within an application which can adversely affect the confidentiality, integrity or availability of any Salesforce computing service or the data of our customers.