Heartbleed is likely to have “very long tail” for software vendors

by Jimmy Nicholls | 07 May 2014

Blue Coat’s Hugh Thompson calls for security collaboration among firms.

Heartbleed is likely to have a "very long tail", with many small companies forced to patch over the coming months, according to digital security firm Blue Coat.

Hugh Thompson, chief security strategist at Blue Coat, told CBR that the password-affecting bug could have a long-term impact on small software vendors in particular.

He said: "I think this vulnerability has a very long tail, and I think we're going to be hearing about it for a while.

"The thing that we're going to see play out over the next few months is the response of small software vendors who have never had to issue an emergency security related patch."

He added that companies now need to consider collaborating on ubiquitous technology. "OpenSSL is used everywhere. It's what's used because doing computer code right is hard."

The prevalence of OpenSSL was revealed by the Heartbleed bug, which afflicted many of tech's biggest names.

"To the average consumer it's very tough for them to evaluate the type of companies they do business with," Thompson said. "I think one of the biggest things that you can do as a consumer is to put pressure on those businesses to at least provide answers to those questions."

"I definitely wouldn't advise against open source software," he added. "[But] I think it's a very interesting call to action for open source committees."

In late April technology giants including Facebook and Microsoft set up the Core Infrastructure Initiative, a fund to aid development of open source technologies started by the Linux Foundation. The hope is that they will avoid situations similar to Heartbleed in the future.

"I'd say in terms of attacks it's more dangerous than it's ever been," Thompson said.

His advice for companies is that they stop addressing every breach in favour of creating a security net to allow quick recovery. "If you plan for that kind of failure I think that's potentially a game changing scenario."
