Risk Management

In 2014, the Heartbleed security bug in the OpenSSL cryptographic library was announced, affecting all systems that used the OpenSSL library. Even though this product was open source, no one had caught the vulnerability for many years, disproving the often-stated mantra that open source is inherently more secure than proprietary software because more eyes review the source code.

Answer the following questions:

  1. In one or two paragraphs, summarize the Heartbleed vulnerability that was discovered and how it affected companies that used devices that relied on OpenSSL.
  2. How does the use of open source technology affect your company’s security when it comes to the software supply chain?
  3. What more could be done to protect your systems that rely on third-party software?
  4. How can these approaches scale given the complexities and interlinks that exist in software libraries, systems, and cloud services?

Format

  • Answers should be written in paragraphs. Bullet points may be used for lists introduced by the paragraphs if desired.
