Heartbleed bug still a major threat to most companies, study finds

When the so-called Heartbleed bug was discovered earlier this year, it was quickly hailed as one of the most serious security problems in years. But a new study has found that the vast majority of big companies have done little to shore up their operations.

The Heartbleed flaw is a vulnerability in what’s called the OpenSSL system, which is software that’s used to encrypt sensitive information on nearly two-thirds of all websites. After the glitch was disclosed publicly by tech company researchers in April, experts said hackers could use it to steal passwords and access a variety of Web accounts, including email, banking and shopping services.

However, in reviewing the security systems of 1,613 major global companies, Venafi Labs reported Thursday that 97 percent of those businesses remain at risk.

“This leaves them vulnerable to cyber attacks, future brand damage and intellectual property loss,” the report said.

Illustration by KRT Archives


Steve Johnson Steve Johnson (298 Posts)

Steve Johnson covers the microchip industry, cyber security and the big-technology sector that includes Hewlett-Packard, Oracle and Cisco Systems.