The Cost of Internet Security Flaws

The Heartbleed bug remains one of the internet's most devastating security threats:

24-55% of Alexa's top 1 million websites compromised
1/6 of ALL SSL-certified sites compromised

The total cost of Heartbleed for millions of companies and end-users affected is still growing:

CloudFlare calculated its bandwidth cost alone at $400,000. That's a single component of total costs for a single vendor out of millions affected.

The total cost is estimated at 1/2 Billion. That's the same amount spent by the Red Cross in Haiti after the 2010 earthquake.

Associated costs caused by a single vulnerability in a single line of C-code:

Certificate Revocation Bandwidth: High rate of revoking & reissuing SSL certificates requires heavy bandwidth use, sending bandwidth costs skyrocketing.
Human Resources & Staff Costs: Building & implementing patches, scanning for risks & setting passwords.
Stolen Data: Canadian Revenue Agency reported 900 social insurance numbers stolen; we don't know the extent of total amount of data stolen with Heartbleed.

Now what?

What happens when the wrong person finds another devastatingly exploitable line of code? How will we respond to prevent Heartbleed II?

There is a better way. Instead of reacting to hackers, we now have the ability to guarantee that software is free from all known flaws, even flaws like the buffer-overflow responsible for Heartbleed that are difficult to discover manually. TrustInSoft Analyzer's patented, award-winning technology relies on a unique collaboration between multiple formal methods.

CASE STUDY: mbed TLS

Using our static analysis tool, TrustInSoft Analyzer, TrustInSoft experts were the first to verify an SSL/TLS stack, just like the OpenSSL stack responsible for Heartbleed. They determined a configuration that, when properly deployed, guarantees the absence of CWEs 119-127, 369, 415, 416, 457, 476, 562, & 690.

The Results: A verification tool that delivers exhaustive guarantees on the quality of software.
With TrustInSoft-verified software, you'll never have to worry about the staggering costs of a potential Heartbleed II!

3 ways to take advantage of TrustInSoft guaranteed security:

Request that your subcontractors only use TrustInSoft Verified software.
In-house verification: With your own TrustInSoft Analyzer license, verify software components without sacrificing sensitive source codes.
Advanced software audits: TrustInSoft experts will verify open-source, COTS, outsourced, or custom software components for you.

We're dedicated to raising the standards of software security, one line of source code at a time. Contact us for more information about how we can add value to your business or to arrange a Proof of Concept demonstration.

Sources: Durumeric, Z. et al., "The Matter of Heartbleed"; Netcraft's April 2014 SSL survey; CloudFlare; eWeek; Financial Post.

Heartbleed had a major impact on millions of companies and end-users. Here's how to protect your users, your brand and your revenue from the next big security threat.


