Tara Calihman - April 08, 2014
Here at VictorOps, we take the security and privacy of your data seriously and consider it critical that we deal with security issues as quickly, effectively, and transparently as possible.
Yesterday, we learned of the “Heartbleed” OpenSSL vulnerability. There’s a wealth of information about this serious issue with recent versions of OpenSSL on the site The Heartbleed Bug. Be sure to check it out.
While we do not believe any of our private keys or customer data have been compromised, we took immediate steps to mitigate the issue on our platform. After a morning spent patching, we can report that the VictorOps platform is fully protected against Heartbleed and that you can continue to use VictorOps, confident that your data is safe.
This bug was a wonderful exercise for us and one that brought up a question: what if we could alert our users to issues like this from within the VictorOps timeline? Would that be worthwhile? It’s an interesting idea and one we’re debating internally here. If you have strong feelings about this becoming a feature, we’d love to hear from you.