United States

The Heartbleed Bug may be compromising your protected data

Understand the vulnerability and how to verify whether you’re affected


Heartbleed is a vulnerability in the open-source cryptography library, OpenSSL. Heartbleed gives attackers the opportunity to exploit and potentially read the memory of a server or client, allowing them to retrieve, for example, a server’s Secure Sockets Layer (SSL) private keys. The exploitation of the vulnerability may also allow the attacker to gain additional information, such as usernames and passwords.

This bug was introduced through a programming error by the developers, and the vulnerability was made public this week.

The vulnerability is typically thought of as affecting only Web servers (banking servers, websites, etc.), but the code may also exist in other devices, such as firewalls, virtual private network (VPN) concentrators and others.

If your Web applications are hosted by outside parties, you need to contact them for verification that your application is not affected, or that they have already fixed the issue.

If you are hosting systems that use SSL, you should test the systems as soon as possible to determine if they are vulnerable, and then upgrade or replace the systems without delay. Examples of systems you may host include websites and applications, VPN concentrators, firewalls, wire transfer systems and others.

We are available and ready to provide testing for this vulnerability if needed. If you would like us to test your system to determine if you have the vulnerability or not, please contact us at asvsupport@rsmus.com, or reach out to your RSM contact.

More information regarding this vulnerability can be found at http://heartbleed.com/.

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.

Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.




Getting past the sound and fury of security

  • May 18, 2017


AML and regulatory compliance webcast series—Spring 2017

  • April 25, 2017


ERP implementation risks and their impact on your organization

  • March 29, 2017


2017 cybersecurity outlook and key considerations for nonprofits

  • January 31, 2017


2017 economic and risk outlook

  • January 09, 2017