April 11, 2014

LulzBot.com Not Affected by Heartbleed Vulnerability

Dear LulzBot Community,

We want to update/inform you that our website, lulzbot.com, was not affected by the major security vulnerability in OpenSSL known as "Heartbleed". In learning about Heartbleed, we did conduct our due diligence immediately, but we want to be clear that our website and customers were never in harm's way.

We believe that unfortunate events like this demonstrate more than ever the need for a free and open digital world. We are going to take the liberty of excerpting John Sullivan's, executive director of the Free Software Foundation, recent statement on Heartbleed:

"Using free "as in freedom" software, like OpenSSL, is a necessary first step in securing our computers, our servers, and the entire Internet. Free software guarantees users the ability to examine the code in order to detect vulnerabilities, and to create new and safe versions if a vulnerability is discovered. Bugs, sometimes big ones like Heartbleed affecting widely used software like OpenSSL, can occur in any code, free or proprietary. The difference is, when no one but a proprietary software company like Microsoft can see the code, or fix it when problems are discovered, it is impossible to have a true chain of trust. Everyone is helpless until Microsoft decides to act..."

Sullivan continues:

"Heartbleed is a serious security issue, and it's a good thing that OpenSSL is free software. This has allowed the bug to be identified, and fixed rapidly after being disclosed."

Thank you for your business, and for supporting a free and open digital world.

The LulzBot Team