Tod Beardsley, Security Engineering Manager, Rapid7 have the following comments on OpenSSL Vulnerability.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 :
“IT folks should prioritise applying the announced patches against their usual business needs; after all, the highest rated OpenSSL vulnerability is merely “moderate,” and I’d expect the OpenSSL Project to err on the side of more severe than less. While online retailers are going to be particularly sensitive to downtime this week, anyone who can afford the time it takes to test and push patches to production should do so. Having these issues buttoned up well before the holidays can help with peace of mind on the off chance these issues are more severe than initially assessed.”[/su_note][su_box title=”About Rapid7″ style=”noise” box_color=”#336588″]Rapid7 security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.