Toronto, April 11, 2014 – Following the release of mitre.org advisory CVE-2014-0160 (“Heartbleed”) on Monday, PortfolioAid immediately performed an assessment of all production hosted environments, its website, and utilities systems such as secure file transfer servers. We determined conclusively that no systems are impacted by the Heartbleed bug, since none use an OpenSSL package affected by this vulnerability. This finding has been corroborated by use of third-party Heartbleed detection tools online.
PortfolioAid conducts regular scheduled patches on servers and systems software, and regularly reviews its use of encryption tools. PortfolioAid also avoids the latest version of software in production environments, for the explicit purpose of avoiding this sort of security issue.
If you are a PortfolioAid customer with any concerns about the security of your service, please do not hesitate to contact us at firstname.lastname@example.org. Or call 416-479-9710 and ask for our Chief Information Security Officer. To learn more about this severe security vulnerability and how it might impact you as an individual or organization, please see heartbleed.com.