No More Heartbleed
August 4, 2014
Eliminating the Heartbleed Bug from OpenSSL
The Heartbleed Bug (https://heartbleed.com/) is a severe vulnerability in OpenSSL, a popular cryptographic software library. This weakness allows stealing the information protected by the SSL/TLS encryption used to secure the Internet.
OK. So one more bug has been found. What’s next? Maybe a second Heartbleed? To address this issue, we at TrustInSoft rely on mathematical methods to provide guarantees on existing software. For instance, we created the PolarSSL Verification Kit. PolarSSL is an alternative to OpenSSL. The PolarSSL Verification Kit guarantees immunity to the following weaknesses: CWE 119 to 127, 369, 415, 416, 457, 476, 562, 690. The Verification Kit tells you how to compile, configure, and use PolarSSL to benefit from these guarantees. This means that a flaw similar to Heartbleed cannot occur if you follow the Verification Kit.
All the bugs we found (for instance CVE-2013-5914) have been reported to Paul Bakker, the main designer and maintainer of PolarSSL.
Now, if you want, you will not suffer from the next Heartbleed. Buy TrustInSoft’s PolarSSL Verification Kit: being on the safe side is cheaper than you imagine.