Sopheon’s technical and infrastructure teams did an immediate review and audit of all our systems and applications, upon learning about the Heartbleed Bug. Our review and audit showed that neither our Accolade solution that customers use on-premises, or our Accolade Cloud solution use OpenSSL and have therefore never been vulnerable to the Heartbleed Bug.
Customers who run a load balancer system in front of the Accolade product, need to check with the vendor of the load balancer to ensure that it doesn’t have vulnerability.
Sopheon takes its responsibility very seriously to ensure the security, integrity and confidentially of customer data in the Accolade system and our Cloud / Hosting services. We will continue to monitor the situation for any further developments or possible concerns.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).