“Heartbleed is a bug in the basic implementation of open-source OpenSSL,” said Siman. “Many security problems, like Heartbleed, can be traced to the original code written by programmers — in which they added features without checking the security ramifications.”
Get our weekly highlights directly in your inbox!Sign up
- Another Billion-Ish Buyout: IBM Buys Israeli Security Firm Trusteer
- Riskified: The New Player In E-commerce Security
Heartbleed is the name given to a bug that was discovered in early April in code widely used to implement the Internet’s Transport Layer Security (TLS) protocol, the open-source OpenSSL cryptography library. Apparently around for a few years, Heartbleed is believed to affect nearly 20 percent of secure web servers, those supposed to be safe to submit credit card information. According to some experts, Heartbleed may be the biggest, and worst, security breach ever to hit the Internet.
A fixed version of OpenSSL has since been issued, but who knows what other bugs await discovery? There may very well be more bugs in OpenSSL and many other programs and protocols widely used on the Internet today, according to Siman.
Had programmers used Checkmarx’s technology to check their work against security protocols when writing applications for secure websites with OpenSSL, the bug might have been caught before it caused any damage, according to Siman.
This article was first published on The Times of Israel and was re-posted with permission. To continue reading this article on the TOI site, click here.