A year and a half ago, when Anmu joined Didi Security and began preparing the Didi Chuxing Safety Emergency Response Center (DSRC), she was very "ignorant". An Qi thought it over: she had some earlier experience in vulnerability operations management, so she would start by simply trying. She therefore began by sorting out and standardizing processes, and established the DSRC's standardized closed-loop vulnerability process. As her contact with white hats increased, she happened to hear about the AARRR model of user operations and realized that her daily work could be organized the same way, which laid the foundation for the DSRC's vulnerability operations and its white hat relationship maintenance.
On January 12, An Huan told Lei Feng that the total number of white hats in the DSRC had reached more than 1,000. On the same day, when she first shared her experience in building an SRC at the Didi Security Conference, many peers photographed her PPT to "learn from the experience", and the big black brother (Zhou Jingping) of Chuangyu 404 Laboratory wrote a "sense of hindsight" in his circle of friends: "Since the establishment of TSRC, I have written a lot of articles about SRC construction, and it is very interesting to see the process of Didi SRC today."
What exactly did Ann say? Lei Feng's home channel excerpted part of the PPT from An's speech.
Her core view is that, to improve the quantity and quality of both vulnerabilities and white hats, an SRC has to consider white hat acquisition, activation, retention, conversion, referral and other aspects. She also introduced the specific experience and methods used in practice. In addition, vulnerability submission is not the end, and neither is repair: each valuable vulnerability must be genuinely reviewed and analyzed, and improvement measures must be defined and implemented, to achieve a closed-loop mechanism.
At present, many SRCs pay attention to maintaining their relationship with white hats. Ann believes that material rewards for white hats are essential but not sufficient: for white hats, respect and rights are more important. For example, white hats can participate in planning the platform, in drawing up the list of guests to be invited to the conference, and so on.
At the conference site, Didi announced the 11 white hat hackers who contributed the most in 2017, including Invincible Lover, IT Joker, Tufuzi, Hero Horse, 0h1in9e, Biao No, Here Boy, Ryan, A1opex, Winway and Stan.
While the company is building its SRC with care, how do white hats view the matter of digging holes? Lei Feng selected some of the white hats' messages to DSRC:
Built for digging holes! I dig holes in my joy – trailblazers
The hole is dug because of love - FYX
I'm a white hat, using the technical power of hackers to find problems and solve problems with the right values. Do not be swayed by interests, do not bend for the black industry, no matter what the world does, the original intention of safety first will never change! Believe your fingertips have the power to change the world! —— Dream catcher
Why dig a hole? For life. ——Henry
If it wasn't for justice, then digging holes would be pointless — Rotten apple
In the process of digging holes you learn postures, and by the way, you can earn money to reduce the burden on your family. ——0h1in9e
Because I like it, I dig a hole. People who do not understand security are happy, and our responsibility is to guard their happiness. ——Tozsj
Why do I want to dig a hole? A childhood dream, I wanted to be a chivalrous guest in the world of the Internet. ------------------------
Holes are dug for fun! Yes, just for fun. ——Poc Sir
Digging holes is like being poisoned: accidentally stained with one hole, you see holes everywhere you look and want to dig everywhere. I have gone crazy and am seeking the antidote - E-Yaoyang 97
At first, I just wanted to dig holes and replenish the small treasury, so I could buy and buy when various games were made. But when you try all kinds of postures, all kinds of routines, including your most proud techniques, you can't get into it, and at this time, what version of the program is left in your head that you haven't obtained? Is there a bug in this version? ............ Finally, when you think about your attack process, you will feel that only Dad can come up with such a commotion. —— Arrow zzzzzz
Why dig a hole? Because...... Huaxia Dream... Because...... My jianghu... Because...... survive. Because, this is very demanding. —— S3art, SL
In order to successfully complete the two centenary goals and for the Chinese dream of the great rejuvenation of the Chinese nation, dig !!! —— rstone
Why dig a hole? Just want to unlock a new pose, no other meaning - Nioty
In fact, we white hats dig holes, many times not for the renminbi. Just for a sentence inside the vendor bulletin: thanks for the submission, has been coordinated to fix. At that time, a sense of pride and accomplishment came out of nowhere. - XuanDao
The real white hat is probably the kind of daily shouting: don't dig, don't dig. But the people who always appear on the leaderboards? ——Tuuu
World peace is good — ink
It has been at the forefront of technology in obscurity, but it has been ruthlessly ignored. Even if it is pierced, it will not change the original intention of continuous innovation. ---------------------------------
Every time you submit a vulnerability, even if there is no reward, you actually want to hear a word, thank you. ——Franklin
Not much, just a word of thanks. ——Ta,
There may not be a rainbow after the clouds, but an SRC with a white hat! - Hero Horse
When I first entered the security circle, my seniors told me, "Our goal is: no loopholes," but in reality, it is impossible to have no loopholes. ——goblin
When I was a programmer, I wrote down ChaMd5 and went down the safe path, hoping that it was the beginning of every new person who helped everyone and why they came together in the first place. ——M
Years ago I thought about digging holes as a career direction, but back then, it was really a hard thing to do (ten years ago, or even earlier) and there was not much way out. I really envy the current college students, who have all kinds of CTFs in school, which can be used as hobbies or developed into careers. As long as you work hard, there is a prospect. - Cyber Ranger
Safety is an art! - IT clown
Penetrating into the middle of the night, suddenly hungry, so a few of us went to the supermarket below the hotel to buy instant noodles and pickled pepper chicken feet. Came back and fought until the sun came out before going to sleep. At ten o'clock I went to the company for a meeting. ...... To the youth, to the colleagues of the year, thank you for your company! ——Yu Xiaokui
Take the boyfriend's (girl) friend's mobile phone to the girlfriend's (buddy) home, turn on the wifi, and then see if it can automatically connect, this is the social worker! ——echo
Scan the moon night high, sleepy face floating. Who knows the white hat, the hole digger fatigue. - "The White Hat of Mercy" for the little rookie of retreat cultivation techniques