Heartbleed, the latest cyber-threat to haunt the Web, is more evidence of the back seat that security takes among many programmers, according to Maty Siman, CTO and founder of Checkmarx.
“Heartbleed is a bug in the basic implementation of open-source OpenSSL,” said Siman. “Many security problems, like Heartbleed, can be traced to the original code written by programmers — in which they added features without checking the security ramifications.”
Heartbleed is the name given to a bug, discovered in early April, in the open-source OpenSSL cryptography library, code widely used to implement the Internet’s Transport Layer Security (TLS) protocol. Apparently present for a few years, Heartbleed is believed to affect nearly 20 percent of secure web servers, the servers that are supposed to be safe for submitting credit card information. According to some experts, Heartbleed may be the biggest, and worst, security breach ever to hit the Internet.
A fixed version of OpenSSL has since been issued, but who knows what other bugs await discovery? There may very well be more bugs in OpenSSL and many other programs and protocols widely used on the Internet today, according to Siman.
Had programmers used Checkmarx’s technology to check their work against security rules while writing applications for secure websites built on OpenSSL, the bug might have been caught before it caused any damage, according to Siman.
This article was first published on The Times of Israel and was re-posted with permission.
Photo: Sklathill