At Salesforce, trust is our #1 value and we take the protection of our customers' data very seriously.
On March 1, 2016, researchers published details on a security vulnerability that affects implementations of the SSLv2 (Secure Sockets Layer) protocol, which is being called the “DROWN attack” and which has been assigned CVE-2016-0800. The vulnerability may allow a man-in-the-middle attack to extract data from secure HTTP connections.
We have evaluated the vulnerability and potential impact to Salesforce customers. At this time, we do not believe Salesforce servers are vulnerable to this attack.
We appreciate your trust in us as we continue to make your success our top priority.