This weekend's Formula 1 Grand Prix has an unlikely parallel to the cyber security industry. You see, Formula 1 is a precisely engineered environment, where suspension load is modelled across the 300 or so corners of the calendar and components are designed to experience only 40% of their rated strength.
Even the catchy name is not particularly innovative (Heartbleed has to take that prize over others such as BEAST and POODLE).
QSA organisations and individual assessors usually complete the final phase of a PCI DSS compliance program – that is, a final audit. Whilst Security Centric is a QSA organisation, only a small proportion of engagements are to perform the final compliance audit.
Much has been written about the OpenSSL Heartbleed vulnerability, which affects the TLS heartbeat mechanism used by some versions of the OpenSSL library. Numerous open source and commercial products use affected versions of OpenSSL for their implementation of PKI, including enterprise hardware and software products.