OpenSSL Security Vulnerabilities and other C-based Risks

By Jason Macy | Date posted: April 11, 2014

One of the most significant OpenSSL security vulnerabilities is the latest Heartbleed OpenSSL security flaw (CVE-2014-0160). This OpenSSL security vulnerability is again a re-affirmation that usage of C-based security modules by an enterprise company greatly increases its risk posture. You can be certain that IT security folks out there felt that they were making the right architectural decisions to secure the enterprise. The problem isn’t the intent, the problem is the premise. Applications, wrapped in security band-aids , is not a sound enterprise risk mitigation strategy. Sure, Apache and OpenSSL are widely available and have been around for a long time, but look where it has led us.

Read more

Predictions from 2002-2003: Heartbleed = Criminal Negligence

By Mamoon Yunus | Date posted: April 10, 2014

Here is an archived document that Forum Systems published in 2002-2003 while architecting Forum Sentry, our flagship gateway product.  We would like you to read this white paper to understand the importance of a security-first approach while building systems that exchange data between users and applications. Read more

How to fix OpenSSL Heartbleed Security Flaw

By Rizwan Mallal | Date posted:

In this article, we will show you how to fix the OpenSSL Heartbleed security flaw. OpenSSL Heartbleed has been recently discovered by security researchers. This security flaw is as a result of a software bug in the SSL/TLS protocol implementation of the OpenSSL library. Read more