Information security is extremely important to ThoughtWire and we started a thorough investigation immediately after the VM ‘Venom’ vulnerability was announced on May 13th. The ThoughtWire platform does not directly incorporate or use any of the affected VM environments and therefore we do not believe there is a security risk.
- Most ThoughtWire platform deployments run on Linux operating systems but we use VMWare for virtualization which is not affected. As a result there is currently no reason to believe that the ThoughtWire platform or any of the ThoughtWire installs are vulnerable.
- This is a very new exploit and details about it are still coming out. As a result we may issue updates if new information comes to light.
For details about the exploit and affected systems please see here: