Customers using Ping Identity's cloud services are unaffected by the Heartbleed vulnerabilities.
PingOne's production services terminate SSL at highly secure load balancer and proxy endpoints, and we never expose raw application or web servers to public address spaces. We also do not use wildcard certificates for production PingOne endpoints, so the compromise of one SSL endpoint will not affect every other endpoint in the system.
The Security Operations Team at Ping Identity has completed a full audit of all our publically available endpoints. We are confident that no customer's were affected by the Heartbleed vulnerabilities. As a precautionary measure, we are forcing credential updates across all systems, and are rotating public certificates and keys. Again, this is strictly precautionary and we feel it is the responsible thing to do for our customers and partners. Emergency certificate rotation is something our Site Reliability Teams practice on a regular basis, and customers should not see any issues with the rotation.
If customers have any questions regarding the Heartbleed vulnerability, please feel free to contact email@example.com and we'll be happy to chat with you.
Beau Christensen is the Director of Infrastructure Operations at Ping Identity.