Last week, the Heartbleed vulnerability in the open-source encryption library, OpenSSL, was announced. OpenSSL is a popular toolset for encrypting secure websites. Users of the sites affected by Heartbleed may be subject to password theft and leaking of confidential information.
At Weaver, we take the security of our client's information very seriously and have investigated the risk of all systems that might, if affected, put our client's data at risk. Our evaluation included in-house systems as well as third-party software partners. We have confirmed that none of our software vendors that house our client’s data are affected by the Heartbleed bug at this time. We have also verified that our internal systems using SSL are not affected by this issue. Finally, we have run independent technical tests against our software vendors' websites to verify they are not affected.
We will continue to monitor this situation and take the necessary proactive steps in order to ensure our client data is secure. If you have any questions, contact your engagement partner or Steve Peterson, Weaver's Director of IT, at 817-882-7782. For additional information, please see our Heartbleed blog post.