
Heartbleed Bug: Vendor Compensating Controls

April 10, 2014

A critical vulnerability in OpenSSL (CVE-2014-0160) known as the Heartbleed Bug was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, compromising the integrity of the secure channel, potentially exposing personal information such as passwords, credit card information and emails.

Yesterday, we published a white paper on the Heartbleed Bug, its implications and recommendations for remediation. Today, we published a supplemental paper on compensating controls released by specific vendors to detect and block attempts at exploiting this vulnerability. This additional paper includes specific instructions on how to install and monitor the controls. We will continue to update this paper as new vendor threat prevention databases are released, so please check back regularly.
