Don’t Let Heartbleed Lead to Vendor Management Heartbreak

Just in time for Valentine’s Day, a new study has found that the Heartbleed Bug remains a serious problem for nearly 200,000 Internet-connected devices, raising the question of how effectively your vendors are managing their patch updates.

The Heartbleed Bug first made headlines in April 2013. It’s “a serious vulnerability in the popular OpenSSL cryptographic software library,” according to Heartbleed.com. For those who don’t speak geek, Heartbleed makes it easy to steal information, like passwords, that is typically protected by encryption during transmission over the internet. Worse yet, “it allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users,” the site says.

The bug is easy enough to stop with a patch that fixes the vulnerability. So far about 400,000 servers have either been fixed or taken offline, but apparently not everyone has taken that step. According to the study by Shodan, a search engine for internet-connected devices, Amazon Web Services hosts 6,375 vulnerable servers, more than any other domain.

In an environment where cyber and data security are top of mind, it’s critically important to be certain that vendors are keeping pace with the latest threats and solutions. After all, it’s not just Heartbleed you need to worry about. There are lots of nefarious bugs out there.

Make sure your vendors have active programs in place to install updates and patches to ensure their servers—and your information—aren’t vulnerable.