The Heartbleed OpenSSL bug fiasco reminds us at VendorINSIGHT why we adhere to best practices when it comes to software development and our web-based software for vendor and contract management. Many customers are wondering whether the recently discovered “Heartbleed” OpenSSL security vulnerability affects VendorINSIGHT. VendorINSIGHT IS NOT impacted.
OpenSSL is an SSL software library used by many web servers to manage SSL-encrypted communication to web sites. These are mostly Unix- and Linux-based web servers, primarily Apache servers. VendorINSIGHT runs on Microsoft Internet Information Server (IIS), which does not use OpenSSL. IIS comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.