Last week we disabled SSL 3.0 as announced here
This was the first step in a updating the security across our HTTPS routing layer. Now that we’ve disabled SSL 3.0 we could do some other security updates, after which we’re back to an A+ rating on Qualys SSL Labs.
In 2014 we saw quite some major vulnerabilities with implications for us like HeartBleed, Shell Shock, XSA-108 and most recently Poodle. I’m very proud to say that we’ve dealt with all of these issues within hours, rather than days or even weeks. In all likelihood, 2015 will give us many more vulnerabilities. I think that the 2014 trend of naming them is great for security awareness. We received a lot more questions about specific vulnerabilities than in previous years, and I think the naming plays a big part in that. So while I don’t look forward to waking up in the middle of the night to patch thousands of servers, I do look forward to the ingenious names the security researchers come up with.
Have a great holiday season and let us worry about the security of the platform. Just don’t forget to create your applications in a secure way ;)