Since becoming aware of the Shellshock (CVE-2014-6271 and CVE-2014-7169) Bash vulnerability, the Verizon Digital Media Services security team worked hard to mitigate risks to our environment and that of our customers.
While it is important to note that Verizon’s CDN infrastructure runs on a purpose-built, hardened configuration with many layers of security control, monitoring, and auditing, our defined risk mitigation procedures required that we pro-actively patch and provide software updates to all relevant servers. This activity is now complete. In addition, we made available a WAF-based rule to all of our application performance (ADN) and commerce (TRANSACT) customers to help them protect their own internal systems.
Our ability to complete this massive update in a timely manner is attributable to our SuperPOP architecture, which prioritizes PoP quality and connectivity over quantity, alongside our extensive automation and advanced testing procedures. It is this same architecture that enables us to purge caches almost instantly, update WAF rules worldwide in fewer than 5 minutes, respond automatically in minutes to DDoS attacks, and provide industry-leading performance.