What's the one thing every company's data security program must include? That's the question we put recently to experts in the field, knowing that, especially after Heartbleed, the diversity of responses would create an...more
Although it is a widespread exploit that has been undetected for two years, whether or not a CGL policy covers data breaches allowed by Heartbleed should turn, simply, on whether the policy covers data breach at all...more
Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more
The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more