Hello OSIsoft Community-
The internet is buzzing about the “Heartbleed” vulnerability stemming from a bug in the OpenSSL cryptographic library. OpenSSL is popular and many Web 2.0 social sites are affected.
Unfortunately, two popular security scanning tools report community.osisoft.com as affected (or very likely affected) by Heartbleed. Subsequent investigation of the site finds such reports are false positives.
To reiterate, community.osisoft.com uses the version 0.9 branch of OpenSSL that is NOT affected.
PS> Community.osisoft.com supports federated identity so users need not provision a new set of credentials to participate. (You’ve may have noticed the option to join or login using Facebook, Twitter, LinkedIn etc.) A federated identity approach also avoids transmission of credentials to our webserver. As such, the server can’t leak what it doesn’t have!