Why Heartbleed Reflects Badly on the Information Security Industry

Written by

“Heartbleed could have been prevented”, Vidhya Ranganathan, Accellion’s SVP of security, told me at Infosecurity Europe 2014. These are words that I’d be hearing several times over my three day ‘staycation’ in Earl’s Court at the end of April.

Don’t get me wrong, I was expecting it. I predicted that the word Heartbleed would make it into every single conversation I had that week. Whilst that wasn’t exactly true - I triumphed over my own prophecy once or twice – it was certainly no stranger to my interviews. Finally, a word that rivals ‘Snowden’ in the frequency competition…

“Heartbleed turned the industry upside down”, Ranganathan told me, “it reflects very badly on the industry. It’s absolutely mind-boggling that it was out there for two years.”

When asked what lessons the industry has learnt from the escapade, Ranganathan answered “the lesson that we need to be better prepared.” Whilst she maintained that Accellion were able to implement a fix on their part within 24 hours, the fact that it needed to is, she conceded, a failure of the industry.

When considering the root cause of this failure, she suggested that speed to market played a crucial role. “People cram too much in too quickly in the rush to get to market. Speed and processes often result in mistakes.”

The sheer magnitude of Heartbleed will leave a long-term impact on the industry, predicted Ranganathan, “as will the Target breach”. The aftermath of the Snowden revelations, she considered, “have really helped our business”.

Acellion’s sweet spot, she told me, is the private cloud. “We never mingle data, so those that worry about that needn’t. In the wake of Snowden, the private cloud has become very popular. Privacy concerns can be negated by separating data in the private cloud”.


To save you counting, this blog post includes two mentions of Snowden and four of Heartbleed…Must try harder.


What’s hot on Infosecurity Magazine?