The Heartbleed problem can be blamed on insufficient investment; safety review for open source code is rarely funded, nor sustainable when it is. The Heartbleed problem can be blamed on poor planning; wide deployment within critical functions but without any repair regime. There seem to be three ways out of this dilemma.
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
Heartbleed is a vulnerability with a CVSS score of only 5.0/10. As of this morning we have observed 840 breaches related to the Heartbleed vulnerability, CVE-2014-0160. More than enough has been said about the technical details of the vulnerability; hence I’d like to use this post to discuss the vulnerability management implications of Heartbleed, because they are both alarming and telling.
The newly-discovered “Heartbleed Bug” exposed millions of usernames, passwords and credit card numbers to hackers. But there’s a subtler, secondary reason the security flaw is on so many.
Abbreviation for Secure Sockets Layer: a way of enabling the secure encrypted transmission of sensitive data via the internet (Collins English Dictionary).
Heartbleed
A bug in the widely used OpenSSL Internet security protocol that was discovered on April 1, 2014. Heartbleed enabled a large amount of memory (RAM) to be accessed, which could disclose passwords and private keys. Although a patch was forthcoming in a matter of days, more than a half million Web servers were vulnerable until the patch was applied. See OpenSSL, SSL and TLS.