U.S., Canada Issue Statements on OpenSSL Vulnerability.

by. Jeffrey Roman

As news of the Heartbleed bug sinks in, government agencies in the U.S. and Canada are reacting to the newly discovered Internet vulnerability.

The Federal Deposit Insurance Corp. on April 10 issued a press release urging financial institutions to utilize available resources to combat threats tied to the Heartbleed bug.

Greg Hernandez, spokesperson at the FDIC, says the advisory was issued because of vulnerabilities with OpenSSL. “The [vulnerability] could expose banks and their customers to risks such as compromise of sensitive information or fraud,” he says. “Many banks rely upon this technology for web-based banking, e-mail, authentication and other critical or sensitive banking functions.”

Hernandez says: “Banks should ensure that OpenSSL vulnerabilities are covered in their patch management, software maintenance or security update procedures as described in existing FFIEC guidance, as well as their risk assessments.”

continue reading »