« Previous Next »
25 December 2014

Last week we disabled SSL 3.0 as announced here

This was the first step in a updating the security across our HTTPS routing layer. Now that we’ve disabled SSL 3.0 we could do some other security updates, after which we’re back to an A+ rating on Qualys SSL Labs.


In 2014 we saw quite some major vulnerabilities with implications for us like HeartBleed, Shell Shock, XSA-108 and most recently Poodle. I’m very proud to say that we’ve dealt with all of these issues within hours, rather than days or even weeks. In all likelihood, 2015 will give us many more vulnerabilities. I think that the 2014 trend of naming them is great for security awareness. We received a lot more questions about specific vulnerabilities than in previous years, and I think the naming plays a big part in that. So while I don’t look forward to waking up in the middle of the night to patch thousands of servers, I do look forward to the ingenious names the security researchers come up with.

Have a great holiday season and let us worry about the security of the platform. Just don’t forget to create your applications in a secure way ;)

Posted by Jouke Waleson

I am the Product Manager for Mendix Cloud and the editor of the technical section this blog. I studied CS and AI at Utrecht University.

blog comments powered by Disqus