You are here
Home > Opinion > Heartbleed Remains a Risk 2 Years After It Was Reported

Heartbleed Remains a Risk 2 Years After It Was Reported

One of my oft-repeated messages is to keep all systems patched and up to date. This article on eWeek, focusing on widely deployed OpenSSL, makes the point that it’s difficult to know if unpatched software is embedded in products that you buy-in. That’s why relying on software updates alone might give you a false sense of security. Businesses also need to undertake regular penetration tests to look for vulnerabilities.

[…]

Although patches for Heartbleed have been available publicly for two years, the flaw is still a risk and likely still being exploited by attackers taking advantage of unpatched servers.”There are many organizations that are still at risk because they don’t know what their third-party vendors are implementing in products that they run on their network,” Marcus Carey, founder and CTO of vThreat, told eWEEK. “People don’t even know how many computers are connected to their networks, let alone what software is running on them.”

[…]

Original article here

Peter Glock
Over 30 years of designing, building and managing telecoms and IT services. Primarily working with large enterprise and professional services businesses in Asia, North America, continental Europe and the UK. Information security professional, secret physics nerd.
https://brownglock.com

Similar Articles

Leave a Reply

Top
%d bloggers like this: