DisasterLAN and NYAlert not at risk from the Heartbleed bug
BCG has been monitoring concerns over the recent discovery of the Heartbleed bug and felt an official response was warranted. We would like to take this opportunity to reassure our customers that BCG's systems are NOT AT RISK. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
However, we want to ensure our customers that neither BCG's DisasterLAN nor NYAlert incident management product lines use the OpenSSL package for secured communications. This means that your BCG products are not at risk from Heartbleed and no mitigating action needs to be taken at this time. Additionally, BCG constantly monitors emerging threats to ensure that DisasterLAN and NYAlert remain properly secured.
If you have additional questions or concerns regarding the security of your BCG products please contact BGC customer support. For more information on the Heartbleed bug, please visit www.heartbleed.com.
Patrick Lupiani, CISSP
BCG Security Analyst