The Mercer Island School District announced Monday, April 14 that student data accessed through an application called Skyward is not vulnerable to the Heartbleed Bug, a serious vulnerability in OpenSSL technology that manages encryption for most of the internet.
“The Mercer Island School District protects student data vigorously and I am happy to share that none of that information was exposed by the Heartbleed Bug,” said Mercer Island School District Director of Information Technology Andreeves Ronser.
An official response from Skyward states, “Skyward has completed a thorough review of applications, and we do not use a vulnerable version of OpenSSL. This means that there are no OpenSSL security concerns for your Skyward product suites.”
Official response from Skyward:
The Heartbleed Bug (CVE-2014-0160) is a serious vulnerability in the popular OpenSSL cryptographic software library. It is being called the “Heartbleed” exploit and has already started to garner national press attention. Skyward has completed a thorough review of applications, and we do not use a vulnerable version of OpenSSL. This means that there are no OpenSSL security concerns for your Skyward product suites.
Note: The Skyward application uses curl for ecommerce and file transfers. We have confirmed that the version of OpenSSL embedded in the version of curl Skyward provides is not vulnerable to the Heartbleed security issue.
WSIPC IS has gone through internal hosted sites and security appliances to determine risk. At this time they have ruled out firewalls, VPN, load balancers, email, IM, Citrix, SharePoint and a majority of websites hosted by WSIPC.
Additional questions about the Heartbleed internet security threat can be sent to J.C. Sain from Northwest Regional Data Center at jsain@nwrdc.net.