SafeLogic Responds to Heartbleed

We just issued an advisory notice for customers regarding the recent Heartbleed vulnerability in OpenSSL.

The issue doesn't reside within our CryptoComply module; it's in the higher level OpenSSL libraries that (can) call into our CryptoComply module. This means there is no FIPS impact to our customers... however, there is a security impact.

Folks, this is serious stuff. Key material is subject to being disclosed to attackers. Even if you're using another crypto module with your vulnerable OpenSSL implementation, patch it immediately. But just patching it isn't enough. Consider this the right time to update your keys and certificates. You should assume that an attacker knows them by now.

I have to say that I'm very proud of the SafeLogic team here. We responded and had new builds commencing within a few hours of the notice. We provide upstream OSSL stack as a value to our customers, and it's important to all of us that they run securely. Builds run through smoke testing and functional testing to ensure proper operation for FIPS, and builds are available on our support portal.

We'll continue to stay on top of this. We're not only looking to help our customers... we want to help protect the industry at large. This is that big of an issue. Security awareness becomes key, so let's keep this at top of mind.

Ray Potter

Ray Potter is the Founder of SafeLogic, which was spun off from his previous venture, the Apex Assurance Group consulting firm. He brings over 20 years of security and compliance experience, including leading teams at Cisco and Ernst & Young, to the operations team at SafeLogic. Ray loves playing guitar and flying airplanes.

heartbleed• Industry News• FIPS 140• vulnerability• Advisories• OpenSSL

Back to posts

The SafeLogic Blog

SafeLogic Responds to Heartbleed

Ray Potter

Popular Posts

Search for posts

Tags