Heartbleed was an abrupt but necessary reminder that when it comes to the Internet, nothing is safe. The massive OpenSSL security hole was discovered earlier this month, and it affected 66% of the entire Internet at the time of its discovery. Most large websites have patched the bug by now and Heartbleed chatter across the Web is inevitably starting to die down. But as one security expert recently pointed out, patching Heartbleed hardly makes the Internet safe again.
“In the wake of the HeartBleed vulnerability, many organizations and hosting providers have lulled themselves into a false sense of security by relying on Intrusion Detection Systems (IDS) to automatically deal with HeartBleed attacks,” Halon Security CEO Jonas Falck said recently. “IDS systems were designed to sniff out vulnerabilities, but closed source development teams take too long to respond and patch issues like HeartBleed.”
He continued, “The Open Source community has received a bad rap for the OpenSSL exposure, but the community has rallied together to patch the issue quickly. If anything, the HeartBleed issue has shown how reliant the Internet as a whole is on Open Source, so if corporations can give back to the Open Source community after taking advantage of OpenSSL for so long, there will be more eyeballs spotting vulnerabilities earlier in the future.”
According to Falck, “the Internet will never be 100% safe” from hackers and vulnerabilities like Heartbleed. With the right strategies, however, security companies can take steps to protect businesses and consumers more thoroughly.
“Nothing is completely safe on the Internet, and similar to driving a car, we all take a calculated risk by participating,” said Falck. “The Internet was built for communication, and not built with security in mind. Like all walks of life there will be some hiccups, and the HeartBleed issue was certainly a major hiccup for the Open Source community. However, security vendors need to invest more in quality solutions and constant innovation in order to stay ahead of malicious hackers, and spend less time on marketing.”