There have been a number of stories in the press recently regarding the security vulnerability identified by CVE-2014-6271 and CVE-2014-7169 (also known as the Bash Vulnerability / Shellshock), and the breadth of systems that have been compromised as a result.
We wanted to take this opportunity to, once again, reassure you about the safety and security of the Rosslyn RAPid platform.
From our Chief Security Officer George Lazarov:
"We can confirm that the RAPid platform is not affected by the CVE-2014-6271 and CVE-2014-7169 bash interpreter code injection vulnerabilities. All our Unix-based production services are in non-DMZ environments (cannot be accessed externally), preventing the exploitation of the vulnerability.
This is due to the fact that we have in place a proprietary implementation (CentOS) or the system is based in the Debian distribution, hence using a modified / different shell (dash)."
We pride ourselves on the strength of our security, and place a huge emphasis on continually evolving our security protocols to ensure protection against vulnerabilities such as these.
If you have any questions, please get in touch at firstname.lastname@example.org .