You may have recently heard or read about a vulnerability that has been identified in the popular OpenSSL cryptographic software library. The vulnerability itself called “Heartbleed” allows the stealing of the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet and the issue allows anyone on the Internet with malicious intent to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
As Cognito use the OpenSSL cryptographic library, we wish to re-assure our customers that we have thoroughly investigated this issue and are pleased to confirm that we are in no way affected by this issue. In fact the vulnerability does not exist in the versions of OpenSSL currently deployed by Cognito.
Unsurprisingly, we take security extremely seriously and invest significant resources on maintaining the integrity of all aspects of our customer solutions, our business and intellectual property. We are in continuous dialogue with and work closely with our vendors regarding the supportability and maintainability of our environments and utilise our ISO27001 certification to underpin our security measures and procedures.
Please be assured that the above “Heartbleed” issue does not represent any threat to Cognito’ solutions or services.
To download the press release, click here.