Tim Erlin, director of IT security and risk strategy at Tripwire offered the following comments and advice on an alert from The OpenSSL project team that they will be patching a high severity bug this Thursday, July 9:
Tim Erlin, Director of IT Security and Risk Strategy at Tripwire:
“This type of a pre-announcement is intended to give organizations a chance to prepare. A huge part of the heartburn with Heartbleed came from the scramble to identify where organizations were vulnerable and how to apply patches. In this case, a little organization can go a long way to a smoother patching cycle. Software vendors who use OpenSSL can be prepared to patch their code and ship new versions faster, and end-users can inventory where they have OpenSSL and set up appropriate testing environments ahead of time.”