Cyara Blog

    Heartbleed Bug: should I be worried?

    Posted by Luan Tran, CTO, Cyara

    April 23, 2014

    Even if you’re not an active IT professional, you’ve probably heard about the Heartbleed bug, which affects the OpenSSL framework used by many internet sites to provide secure communication. There are myriad news sites and articles available that can guide you through a review to safeguard any personal data you access through the internet.

    Here at Cyara we’ve been busy conducting a comprehensive security review as well, to ensure that our systems, customers and all data is secure. It’s important to note that Cyara does not use OpenSSL, the source of the vulnerability.

    While our systems, customers and data were never vulnerable to the Heartbleed Bug through the Cyara Platform, there are always reasons for any SaaS company to evaluate and upgrade security standards. It’s part of our service promise to you – to do our very best to protect your data and your systems.

    Our comprehensive security audit of Cyara applications and infrastructure started before anyone had even publicized the Heartbleed vulnerability. While it’s nice to know that our auditor independently confirmed our portals are not vulnerable to Heartbleed, it’s also good to know that our systems are designed with security in mind. Security is never an afterthought, or an add-on; it’s part of our core design.

    What should I do now?

    Given that Cyara is not affected by Heartbleed, you do not need to do anything to continue to use the Cyara Platform. However, for added assurance and as a security best practice, this is the perfect reminder to change your Cyara password on a regular basis. You can initiate password reset activities via the Cyara Portal.

    As we release our next generation Cyara Platform, we know you’ll love the enhancements we’ve made based on discussions with our customers. What won’t be visible is the level of commitment we put into ensuring security. Our innovation is built on a foundation of unwavering security diligence. And while you may not be able to see it, we strive to live it every day so you don’t have to.

    As always, I welcome any feedback so please share your thoughts with me ([email protected]), or any of the Cyara team.

    Luan Tran
    CTO