In an interview with Information Security Media Group, Chartier says the Heartbleed bug illustrates the need to properly test and vet the critical software components and applications to identify unknown weaknesses in them. "The best defense is to have secure software," says Chartier, who leads a company that generates revenue from testing software and services to ensure their security and robustness.
Researchers working for Codenomicon discovered the flaw on April 4 in OpenSSL, an open-source implementation of the Secure Sockets Layer protocol that encrypts sessions between user devices and websites. The affected feature is known as "heartbeat" because it allows messages to be relayed back and forth between the two ends of a session (see Heartbleed Bug: What You Need to Know). A Codenomicon researcher christened the flaw Heartbleed. After developing a fix over the weekend, Codenomicon and Google, which also discovered the flaw, disclosed the vulnerability on April 7.
In the interview, Chartier explains:
- Why it took researchers two years to identify the flaw;
- The potential catastrophic results Heartbleed could cause; and
- How the open source community helped spread word about the vulnerability and its fix once it became known.
Codenomicon, founded in 2001, develops vulnerability testing tools known as fuzzing tools for manufacturers, service providers and government, defense and enterprise customers. Chartier says Codenomicon discovered the flaw in OpenSSL while developing one of its products.
Chartier has 20 years of technology industry experience, including serving as chairman of Maxware, the identity management solutions provider that SAP acquired in 2007. He also has held CEO positions at startup companies including enterprise search and monitoring solutions provider IntelliSearch and IT solutions provider Computas, and has served as chairman of Active ISP, a web hosting firm. Chartier founded e-commerce services provider InfoStream and led the company through a successful initial public offering in 1999.