Spotlight: Is Your SAP Environment Vulnerable to Heartbleed?

  • by Gary Byrne, Managing Editor, Financials Expert and SCM Expert
  • May 16, 2014
SAP Professional Journal
An experienced CTO fields some questions about Heartbleed’s impact on SAP systems.

The impact of being vulnerable to Heartbleed is that all past and future network traffic could be decrypted, so changing user passwords and SSL certificates is a must. However, the first step should be to update the software and the OpenSSL libraries.

-- Juan Pablo Perez-Etchegoyen, CTO, Onapsis

Heartbleed has been the focus of numerous articles and blogs over the last few months. To find out what measures can be taken to protect SAP applications from Heartbleed, I had Juan Perez-Etchegoyen, CTO at Onapsis, answer a few questions.

I read that Heartbleed was undetected for at least two years. How did so much time go by without any security companies detecting it sooner?

It's hard to say. Software vulnerabilities exist in every piece of software developed by humans; that's a fact. There are a number of details in this sense to take into account, such as how such security-sensitive software can go unnoticed while suffering from such a critical vulnerability for probably more than two years. But the truth is that a vulnerability becomes real when it's detected and reported (even though it existed for years), and to detect it, companies need to invest in extensive research in security-relevant software, which is very expensive.

