Heartbleed Update: Making Sure You Have Stopped the Bleeding and Reducing the Chance of Future Blood-letting

  • Friday, 18 Apr 2014 1:00PM EDT (18 Apr 2014 17:00 UTC)
  • Speakers: Chris Wysopal, John Pescatore

The Heartbleed vulnerability in OpenSSL is forcing enterprises to rapidly patch thousands of servers, but the first challenge is to find all the servers using the vulnerable version of OpenSSL. Many enterprises don't know how many websites they own, such as externally hosted sites in the cloud or those acquired via mergers and acquisitions. Plus, OpenSSL is not only used in web servers. Are you finding all your vulnerable instances?

Once you have your environment secure, the next critical step is taking advantage of the publicity around Heartbleed to make advances in reducing the vulnerabilities in all the software your business uses, whether developed in-house, acquired from third parties or downloaded from open source libraries. Security managers have the attention of CEOs, CIOs and CFOs right now: the perfect time to recommend strategies for avoiding the next Heartbleed.

In this SANS Ask the Expert webcast, John Pescatore, SANS Director of Emerging Security Trends, will present an overview of the details around Heartbleed and an update on the current status and risk. Chris Wysopal, CTO of Veracode, will drill down on strategies for discovering the full extent of your vulnerability and discuss the processes and tools enterprises can use to assure that they greatly decrease the odds of exposing customer and business information by finding vulnerabilities in all mission-critical software before deployment.