The recent discovery of the Heartbleed bug sent shock waves around the world. A huge number of businesses rely upon OpenSSL to encrypt their software, and the Heartbleed vulnerability potentially exposed all of these users to cybersecurity threats. This has caused many organizations to reconsider their software development policies and strategies.
Yet as Modern Healthcare recently reported, the Heartbleed revelations have not had a significant impact on software developer attitudes in the health care sector. On the contrary, open-source software remains exceedingly popular in this industry.
Open-source health care
The news source noted that security professionals, developers and users throughout the health care sector continue to support open-source software development, which has long been prevalent in this industry.
"Open source is still a great way of building solid software," said Steve Pate, chief architect for a virtual security services provider, the news source reported.
Pate asserted that despite the Heartbleed discovery, OpenSSL remains a secure, dependable solution.
"The encryption methods in there are rock solid," he explained, according to the news source. "It's the whole mechanism we've been basing online commerce on for a long time. It has had a lot more eyes on it than a lot of the commercial security products today."
The news source noted that it is a common belief among open-source software developers that as long as enough professionals examine a given piece of code, there is really no such thing as a serious bug. Any major problems will be caught and rectified before significant issues emerge.
This attitude speaks to the importance of collaborative software development tools among health care organizations, as well as any other firms pursuing such efforts. In particular, these organizations should consider investing in static code analysis tools to reveal these bugs and code review solutions that enable multiple developers to view, modify and contribute to a single piece of code simultaneously. Such teamwork is essential for ensuring that any bug, be it Heartbleed or a more minor issue, is discovered and fixed earlier, rather than later.
A communal, collaborative approach to open-source software development is particularly important considering the wide-reaching impact of the Heartbleed bug.
For example, the Department of Health and Human Services (HHS) posted a notice on HealthCare.gov alerting users that it had taken the precaution of resetting consumers' passwords in order to definitively protect their sensitive data. Anyone returning to the website must create a new password.
Modern Healthcare also noted that Heartbleed potentially affected health care-related websites, medical devices, patient records and more.
Speaking to the news source, cybersecurity expert Michael McMillan pointed out that while there is no evidence that any health care organizations were struck by hackers exploiting Heartbleed, precaution is still needed across the board.
"[I]t's so damn pervasive," said McMillan, according to the news source. "You've got OpenSSL imbedded in servers, and appliances and products."
As more health care providers and related organizations move further into the software development space, a commitment to cybersecurity and collaboration will prove essential to preventing mishaps and vulnerabilities.