Cumulocity is not affected by the recently published Cloudbleed vulnerability.
As a general security policy:
- Cumulocity does not employ any content distribution networks to serve IoT requests, but receives and serves the requests directly. This is to ensure end-to-end security from the device to the Cumulocity server as well as from the application to the Cumulocity server.
- Cumulocity bases its own software development on an implementation technology that makes buffer overruns, a frequent source of vulnerabilities, impossible. The web server employed by Cumulocity is a mainstream open source component that is continuously maintained and constantly monitored by the security community.
- Cumulocity enforces a strong separation of customers to prevent leaks of data.