[Progress News] [Progress OpenEdge ABL] Staying Secure With The OpenSSL 1.0.2f Update

Status
Not open for further replies.
Bill May

Guest
Hackers never sleep, so managing data security and mitigating risk is of paramount concern for our team at Progress. Here’s how to stay secure with OpenSSL 1.0.2f.

Progress DataDirect enables connectivity between a LOT of different data sources and applications, both on-premise and in the cloud. Besides addressing the critical and obvious needs of performance and ease of use for our customers, we’re always working in the background to ensure security requirements are met and any new vulnerabilities are quickly addressed.

Recently All ODBC Products Were Updated to OpenSSL 1.0.2f


This addresses the following issues:

  • Provides stronger cryptographic assurance against the "Logjam" vulnerability (CVE-2015-4000)
  • Fixes the "DH small subgroups" vulnerability (CVE-2016-0701)
  • Fixes the "SSLv2 doesn't block disabled ciphers" vulnerability (CVE-2015-3197)
  • Fixes the "BN_mod_exp may produce incorrect results on x86_64" vulnerability (CVE-2015-3193)
  • Fixes the "Certificate verify crash with missing PSS parameter" vulnerability (CVE-2015-3194)
  • Fixes the "X509_ATTRIBUTE memory leak" vulnerability (CVE-2015-3195)

We don’t advertise every security fix we do in a blog posting like this, but I felt this was a good opportunity to let you know about our security vulnerability response policy. Upon identification of any security vulnerability that would impact one or more Progress product(s), Progress will exercise commercially reasonable efforts to address the vulnerability in accordance with the following guidelines:


| Priority* | Time Guideline | Version(s) |
| --- | --- | --- |
| High Risk (CVSS 8+ or industry equivalent) | 30 days | Active (i.e. latest shipping version) and all Supported versions |
| Medium Risk (CVSS 5-to-8 or industry equivalent) | 180 days | Active (i.e. latest shipping version) |
| Low Risk (CVSS 0-to-5 or industry equivalent) | Next major release or best effort | Active (i.e. latest shipping version) |


*Priority is established based on the current version of the Common Vulnerability Scoring System (CVSS), an open industry standard for assessing the severity of computer system security vulnerabilities. For additional information on this scoring system, refer to https://en.wikipedia.org/wiki/CVSS.

Your Information Is Secure


So, while you enjoy our products for your data and application integration needs, you can also be confident your information is secure both now and in the future.

If you would like to learn more about the broad range of security issues and how to avoid them, Sven Skoog goes through the history of data security and provides insight on current issues in his blog, “How to Avoid Security Issues in Your Data Connectivity Layer.”
