IT Security Guru: Tools being used to detect the OpenSSL vulnerability often contain bugs too.
According to research by CNS Security, methods for detecting whether your systems are affected have bugs themselves which is leading to false negative results.
Adrian Hayter, blogger and penetration tester at CNS Security, said: “I was called upon to perform checks against numerous systems during the week, and I noticed that some of the scripts would find a vulnerability whilst others would not. This behaviour often depended on the system in question, and upon reviewing the code behind the scripts, I uncovered a number of bugs.”
