Salesforce has made a good faith
Posted: Wed May 28, 2025 4:54 am
effort to provide you with Salesforce Mobile and Intune specific responses. The information provided here is for informational purposes only, and based on numerous customer conversations and public documentation. Salesforce can only provide details on how Salesforce Mobile App works and integrates with various MDM solutions and Intune based on standards. For Intune specific questions, see Microsoft documentation.Open source software accelerates innovation and development cycles, encourages community engagement and knowledge sharing, and promotes transparency through external reviews and contributions. Writing open source software can also lead to faster turnaround times, lower costs, and easier license management. At Salesforce, open source is an important cornerstone of our business. The Commons Program supports the open source community to bring innovation on the Salesforce platform for nonprofits and schools.
Because open source software is community-driven with multiple contributors, it’s important to know and understand open source security best practices to secure your components and protect them from potential threats and vulnerabilities. Let’s review the best practices you should follow to secure your open source code.
Secure coding practices
Adopt secure coding practices, such as Salesforce’s Secure america phone number list Coding Guidelines, that address securely handling sensitive data, input validation, output encoding, and avoiding direct use of user input in queries. Remember to always choose an industry standard secure encryption algorithm and hashing for sensitive data, in rest and in transit. This will not only remove the commonly exploited software vulnerabilities, but helps to prevent long term costs to fix the vulnerable code.
Protect your credentials/secrets
Never hardcode sensitive information like passwords or API keys in your code. If API or encryption keys are committed to the codebase, attackers can gain unauthorized access to your servers, databases, or development tools. Remember to always scan your codebase using a credential scanner, such as the Salesforce Code Scanner Portal (for Salesforce customers and partners), to prevent credential and secret leakage.
Because open source software is community-driven with multiple contributors, it’s important to know and understand open source security best practices to secure your components and protect them from potential threats and vulnerabilities. Let’s review the best practices you should follow to secure your open source code.
Secure coding practices
Adopt secure coding practices, such as Salesforce’s Secure america phone number list Coding Guidelines, that address securely handling sensitive data, input validation, output encoding, and avoiding direct use of user input in queries. Remember to always choose an industry standard secure encryption algorithm and hashing for sensitive data, in rest and in transit. This will not only remove the commonly exploited software vulnerabilities, but helps to prevent long term costs to fix the vulnerable code.
Protect your credentials/secrets
Never hardcode sensitive information like passwords or API keys in your code. If API or encryption keys are committed to the codebase, attackers can gain unauthorized access to your servers, databases, or development tools. Remember to always scan your codebase using a credential scanner, such as the Salesforce Code Scanner Portal (for Salesforce customers and partners), to prevent credential and secret leakage.