Heartbleed is likely to have “very long tail” for software vendors

Data Jimmy Nicholls

10:01, May 7 2014


Blue Coat’s Hugh Thompson calls for security collaboration among firms.

Heartbleed is likely to have a "very long tail", with many small companies forced to patch over the coming months, according to digital security firm Blue Coat.

Hugh Thompson, chief security strategist at Blue Coat, told CBR that the password-affecting bug could have a long-term impact on small software vendors in particular.

He said: "I think this vulnerability has a very long tail, and I think we're going to be hearing about it for awhile.

"The thing that we're going to see play out over the next few months is the response of small software vendors who have never had to issue an emergency security related patch."

He added that companies now need to consider collaborating on ubiquitous technology. "Open SSL is used everywhere. It's what's used because doing computer code right is hard."

The prevalence of Open SSL was revealed by the Heartbleed bug, which afflicted many of tech's biggest names.

"To the average consumer it's very tough for them to evaluate the type of companies they do business with," Thompson said. "I think one of the biggest things that you can do as a consumer is to put pressure on those businesses to at least provide answers to those questions."

"I definitely wouldn't advise against open source software," he added. "[But] I think it's a very interesting call to action for open source committees."

In late April technology giants including Facebook and Microsoft set up the Core Infrastructure Initiative, a fund to aid development of open source technologies started by the Linux Foundation. The hope is that they will avoid situations similar to Heartbleed in the future.

"I'd say in terms of attacks it's more dangerous than it's ever been," Thompson said.

His advice for companies is that they stop addressing every breach in favour of creating a security net to allow quick recovery. "If you plan for that kind of failure I think that's potentially a game changing scenario."

Source: Company Press Release

get a cbr Cyber Security weekly update

Terms & Conditions & Privacy Policy.


Post a comment

Comments may be moderated for spam, obscenities or defamation.