Credit Card Processing Company Avoids Kafka Exploit With Support From OpenLogic

A global leader in credit card processing identified a critical bug affecting Kafka, which could lead to compromised customer data. OpenLogic helped the team to confirm, reproduce, and patch the bug – keeping their customer data, and business, safe.

OpenLogic Helped the Customer With

Vulnerability Assessment

OpenLogic identified the bug, then created a test harness to reproduce the issue in a safe environment.

Patch Development

After the patch was deployed, OpenLogic provided long-term support for configuration and workarounds.

Long-Term Support

Since the patch was deployed, OpenLogic has continued to provide long-term support for configuration and workarounds.

Negotiating Critical Needs Within the Kafka Community

The customer's security team identified what they believed was a critical bug in Kafka that potentially revealed overly verbose information in logs. After OpenLogic worked with the community, it was determined that the security team had special security needs that weren't applicable to the general community. With no long-term workaround available, OpenLogic provided an option for Kafka to be patched to meet the high audit standards, and for the fix to be worked into the upstream community project to mitigate the risk.

How OpenLogic Solved It

OpenLogic followed a validated process to engage the customer and community and successfully marshal the bug fix into the community to meet the customer's needs.

The OpenLogic team helped to confirm the bug, then created a test harness that reproduced the bug. After sanitizing the test harness to remove any customer information, the OpenLogic team submitted a bug to the Kafka project including the test harness for reference.

After submitting the bug report, the OpenLogic team wrote improved code for the affected area of the Kafka project, which they then submitted to the community. 

The End Result

By engaging the OpenLogic support team, the credit card processing company was able to quickly create a custom patch their team could use to pass the strict audit, then engage the Kafka community to create a new feature that would allow the audit to pass in the future. The fully managed process allowed the company to deliver on its promise of strict controls and standards on customer data. This allowed the company at large to focus on its internal products enabled by Kafka, not on the external community.

Get Long-Term Support for Your Integrated Open Source

OpenLogic can help your business to keep customer data secure and protected against potential vulnerabilities.