Larry Zelvin, director of the National Cybersecurity and Communications Integration Center for the Department of Homeland Security, has said the “Heartbleed” encryption flaw had minimal impact on the federal government domain, FierceGovernmentIT reported Thursday.
Molly Bernhart Walker writes a team worked for 20 days to respond to the secure-sockets layer encryption vulnerability and mitigate its effect on the dot-gov domain.
Zelvin told a House Homeland Security subcommittee the team were able to identify more than half of the vulnerabilities and mitigate its impact “within the first six days of scanning,” according to the report.
The SSL flaw was detected on April 7 and dissemination of public guidance, as well as government network scanning ensued, the report says.
“To date, the team has scanned a federal IP space of approximately 15.5 million IPs on 11 different occasions and assisted in reducing the number of federal Heartbleed vulnerability occurrences from 270 to about two in less than three weeks,” Zelvin told the hearing.