
R&D Executive – Why Shellshock and Heartbleed Should Matter to You

So, you’ve heard of Shellshock, of course. And if you use Unix, you made sure someone installed the right patch for Bash, and you think: OK, I’ve dealt with it, let’s get back to more important things.

Well, there’s more to Shellshock than meets the eye. Here’s why:

1. There are many more security vulnerabilities out there

Shellshock, and Heartbleed before it, are two examples of security vulnerabilities in widely used open source components.

Open source components, like any software, have bugs and security vulnerabilities. The great thing is that open source components usually have an entire community of developers and users who report on vulnerabilities and fix them.

All you need to do is follow the announcements (CVEs) and online repositories for updates.

2. Bash (or parts of other open source components) may still be part of your software

Open source components that were designed for one purpose can be quite useful in other scenarios. So it is quite probable that one of your developers decided to use an open source component – or part of it – in his software. Whatever this component does, or contains, is now part of your software.

Open source is great. You get the functionality you need, for free, and it saves development time and effort. It is also great because it is used by many and is continuously tested and improved, with the results shared with the community.

All we have to do, as R&D execs, is make sure that we know what’s in our software and what updates were published about the components we use.

Meet The Author

Rami Sass

Rami Sass is co-founder and CEO of Mend, a company that enables organizations to accelerate the development of secure software at scale with automated tools that help bridge the security knowledge gap. Since the company’s founding in 2011, Rami has grown Mend from a small Israeli startup to a global business with over 300 employees across several countries and hundreds of enterprise customers including Microsoft and IBM.
