Does Heartbleed exploit risk always justify patching?

Date: Jul 18, 2014

As widespread as the Heartbleed OpenSSL vulnerability was, affecting nearly all enterprises, Heartbleed exploits were surprisingly limited.

According to Jay Heiser, research vice president with Stamford, Connecticut-based IT research firm Gartner Inc., despite its pervasiveness, Heartbleed largely turned out to be a non-issue. In turn, this should spawn an interesting discussion among enterprises about whether the time, effort and cost of patching every Heartbleed flaw is ultimately justified.

"I'm sure there are instances in which some organizations could continue indefinitely [without patching Heartbleed]," Heiser said. "But I don't know how an organization would make that determination."

In this interview, conducted at the 2014 Gartner Security & Risk Management Summit, Heiser discusses Heartbleed and what it means for enterprises in the context of risk assessment, vulnerability management ROI and the ubiquitous use of vulnerable code.

"One piece of code was so pervasively used across the nexus by so many hardware devices and software implementations," Heiser said. "We may never again see an instance in which such a monocultural failure took place. But what other single points of failure are still out there?"
