We know that our customers are concerned about the “Shellshock” BASH vulnerability and whether it affects our EnCase software, our Tableau hardware products, or any of our corporate systems. This is a legitimate concern, and because we have the utmost concern for your organizational and data security, we want to give you all the information you need regarding it. Below we address one by one the key areas that you may be wondering about.
After the well-documented, highly publicized Heartbleed flaw in OpenSSL was made public, many of our customers reached out to Guidance Software to confirm whether our products were affected. At that time, we confirmed: Guidance Software products do not use OpenSSL at all.
On June 5th, 2014, another OpenSSL vulnerability was published: CVE-2014-0224. Once again, Guidance Software confirms our products do not use OpenSSL and are therefore unaffected by the latest published vulnerability in OpenSSL.