Well, that’s finally behind us. After days of anticipation and fear, OpenSSL’s newest patches were released last Tuesday with little official fanfare from the Foundation and no cute names for vulnerabilities, but a good amount of comments from the peanut gallery on Twitter. Of course, the initial fix is just the tip of the iceberg. A minor spike in antacid sales on Monday, a flurry of cancelled dinner reservations on Tuesday, and a fair number of naps taken on Wednesday notwithstanding, most operations teams are in the clear… for now. We’re in that lull, the waiting period when engineers are watching like hawks, hoping nothing else breaks and that no additional work is required. The black hats are picking and probing, hoping that these patches, like so many before, have spawned new vulnerabilities to explore. We will know soon enough what they have discovered. Fahmida Y. Rashid has a great rundown of the vulnerabilities and associated fixes in her column at InfoWorld, if you’re interested.
I’m proud to say that here at SafeLogic, we handled this round of patches with grace and poise, delivering as promised for our customers. [Yes, I intend to flatter and compliment our technical team. They deserve it. High five!] Since many of our clients deploy a version of CryptoComply that is forked from and compatible upstream with OpenSSL, it is imperative that we remain on top of the latest developments. It’s one of our central mandates as a company. Our customers rely upon us to ensure that new builds are tested, operate properly for their deployment, remain in compliance, and are provided in a timely fashion. And we do, with bells on.
It’s not even so much that I just want to trumpet the accolades for our team when they do their job as expected… that is table stakes. I don’t even need to dwell on how they exceed expectations and beat time estimates on a regular basis. (They do, though!) It’s that this professionalism and commitment to customer success is what sets SafeLogic apart. Our technical team is the embodiment of what we espouse on the marketing side when we chronicle the ways that our CryptoComply products are an upgrade from open source alternatives.
We talk about strong support. We’ve asserted many times that in this exact scenario, SafeLogic simply takes care of the new builds and pushes it out to customers. We remind our customers and prospective clients that we offer dynamic, effortless updates to reflect the constantly changing landscape of operating environments. Further, our customers avoid the stigma of open source. Instead of telling their end users that “Yes, we applied all patches and we believe that we’re all set”, our clients are able to simply reassure the users, saying, “We use SafeLogic encryption. They handle all of it. We’re covered, and so are you.” It’s a wonderful thing to put their minds at ease.
Bottom line – whether you were one of the myriads of Twitter users complaining about the patching process, the “aging and bloated” codebase of OpenSSL, or if you just want a better way to handle your crypto needs, contact us now. We might already be working with your rivals, which would explain why they aren’t fazed by these patches. They are staying focused on beating you while SafeLogic takes care of the crypto piece. Don’t worry – we have the bandwidth to help you too. Let’s even the playing field and take this headache off of your plate. Let us be your secret weapon, your competitive edge, or the equalizer. Let this be the last round of OpenSSL patches that your engineers have to wrangle. Our technical team is ready.