Orion Consulting Limited


Orion Consulting Statement on the 'Heartbleed' Bug


On April 7th 2014, it was announced that some versions of the OpenSSL security software had a severe bug, which could potentially allow sensitive data stored on a server to be revealed to third parties. This is a major bug in a widely used piece of software, which has made national headlines and affected many companies and individuals; a good explanation of the bug is available on the Wikipedia page: http://en.wikipedia.org/wiki/Heartbleed

PathFinder uses the OpenSSL library for all secure communications, as well as certificate handling, encryption, digital signing, etc.

However, we are pleased to say that the version of OpenSSL we currently use pre-dates this bug – in other words, PathFinder is not affected by it.  PathFinder currently uses OpenSSL version 1.0.0a – the bug was not introduced until 1.0.1a.

The developers of OpenSSL released a fixed version of OpenSSL (1.0.1g) on the day the bug was made known (i.e. Monday 7th April). However, we will NOT be upgrading to that version at this time. We have a long-standing policy of deliberately staying on slightly older, stable versions of libraries, particularly critical libraries such as OpenSSL. This is partly the reason we have not been affected by this bug in the first place.  We do not believe that being on a 'bleeding edge' version of the library would bring any benefits, and there is the risk that other instability or bugs could have been introduced.

We will review the versions of OpenSSL on offer when preparing the next major PathFinder release, and will of course have time to make a balanced assessment based on testing at that point.

For now, we remain on version 1.0.0a, which is stable, known, and (once again) not affected by the Heartbleed bug.

If you have any concerns or would like more information, please do not hesitate to contact us.

Tom Reader


Orion Consulting Limited
