Elsevier Connect
Skip Navigation
Cybersecurity

Elsevier products and platforms are unaffected by Heartbleed

Important information for Elsevier customers regarding a vulnerability in OpenSSL cryptographic software

 The Codenomicon security company gave Heartbleed its name and logo to raise public awareness.On Monday, April 7, a vulnerability was publicly disclosed by the OpenSSL Project (please see the references below for additional information) and was also publicized by the media. This vulnerability affects specific versions of OpenSSL, a cryptographic library that is used to secure confidential data in transit over the Internet. This vulnerability has been referred to as the "Heartbleed bug."

Elsevier has conducted a vulnerability assessment of our products and platforms. Most products were deemed not vulnerable. In addition, we promptly identified and remediated any products or platforms that were deemed to be vulnerable. There were no signs of any compromise to our products and platforms as a result of the Heartbleed vulnerability.

References

OpenSSL Security Advisory

Information on the Heartbleed bug

[divider]

Elsevier Connect Contributor

David CassDavid Cass is Elsevier's Chief Information Security Officer (CISO). He is based in Philadelphia.



comments powered by Disqus