Elsevier products and platforms are unaffected by Heartbleed
Important information for Elsevier customers regarding a vulnerability in OpenSSL cryptographic software
By David Cass Posted on 23 April 2014
On Monday, April 7, a vulnerability was publicly disclosed by the OpenSSL Project (please see the references below for additional information) and was also publicized by the media. This vulnerability affects specific versions of OpenSSL, a cryptographic library that is used to secure confidential data in transit over the Internet. This vulnerability has been referred to as the "Heartbleed bug."
Elsevier has conducted a vulnerability assessment of our products and platforms. Most products were deemed not vulnerable. In addition, we promptly identified and remediated any products or platforms that were deemed to be vulnerable. There were no signs of any compromise to our products and platforms as a result of the Heartbleed vulnerability.
Elsevier Connect Contributor
David Cass is Elsevier's Chief Information Security Officer (CISO). He is based in Philadelphia.