The Heartbleed vulnerability represents a significant threat to security on many websites. However, the NetSuite service is not vulnerable to this issue. Below is the official statement from NetSuite:
Wednesday, April 9, 2014, 12:01am PDT
Notice regarding the current OpenSSL vulnerability known as the Heartbleed Bug (formally CVE-2014-0160). NetSuite has reviewed domains associated with the family of NetSuite services – the NetSuite Service, the LightCMS Service, the NetSuite OpenAir Service, the OrderMotion Service, the RetailAnywhere Service – And has concluded that none of them was ever vulnerable to CVE-2014-0160. The Tribe HR service was vulnerable and was patched Tuesday 4/8/2014. NetSuite is communicating with TribeHR Customers. For more information on the Heartbleed bug please navigate to www.heartbleed.com
The statement may be viewed on the NetSuite Status page by hovering over the “i” information icon to the right of the Wednesday, 4/9/14 uptime statistics.
For more information, please contact your #NetSuite lead consultant, Client Service Coordinator, or the RSM Client Resource Center firstname.lastname@example.org or 888-678-5536.
By: Matt Kenney – National NetSuite Capability Leader