OpenSSL For Your Business
Security is a top concern for businesses working with data. Whether it’s on your network or in the cloud, it is important to understand the risks your data faces on a daily basis and know how to mitigate those risks. Taking a look at OpenSSL vulnerabilities, we can see how vulnerabilities appear and how we can prepare for them.
OpenSSL is an attractive target because it is open source and free to use. This makes it exceptionally vulnerable because a single virus could have enormous effects on the entire system. Heartbleed is one such vulnerability that allows your information to be stolen even though it is normally protected.
The Heartbleed bug allows anybody on the Internet to read the memory of protected systems. Attackers can eavesdrop on communications, steal data from users and impersonate users. This is one of several bugs affecting OpenSSL that present exploitable vulnerabilities with negative impacts.
Open source software naturally tends to face these types of vulnerabilities because volunteer programmers in remote locations build it up. While they put in a fair share of great ideas, it is much easier to create holes that open the software up to security threats. Multiple programmers do allow the error to be quickly fixed, so vulnerabilities don’t survive for too long.
Array Networks boasts a proprietary SSL stack for many reasons. “Our proprietary SSL stack has proven immune to OpenSSL vulnerabilities, such as Heartbleed, Bash, and others. We’ve also ‘walled off’ production traffic from our product functions that do use OpenSSL – thus limiting exposure – and we use an older, time-tested OpenSSL version that predates the introduction of the Heartbleed code error.”
When using OpenSSL, you need to be aware that you will always be subject to vulnerabilities and, for the most part, you might not be able to avoid using it. OpenSSL previously had only one full-time developer, however, and there has been much effort to add more developers so that issues may be addressed more quickly.
The infographic below, from the NIST National Vulnerability Database, tracks some of the threats OpenSSL has encountered.