OrangeHRM Blog
Voice of Free & Open Source HR System

Archive for October, 2014


OrangeHRM Secured: POODLE SSLv3 Vulnerability

Posted in General  by Shaun Bradley No Comments

What is the POODLE Vulnerability?

Security researchers from Google recently identified a bug that affects SSL 3.0. Despite SSL 3.0 is over 17 years old it is still used by many to date. The vulnerability has been nicknamed as POODLE which stands for “Padding Oracle On Downgraded Legacy Encryption”.

Since this is a “man-in-the-middle attack” the bug only allows hackers to steal data by tapping into the connection between the users and servers first, so the vulnerability is highly unlikely to be exploited in home of office environment.

Learn More

Does it affect OrangeHRM?

OrangeHRM Live Cloud Hosting

If you are using OrangeHRM’s cloud, you are safe!

OrangeHRM is no longer vulnerable to POODLE as disabled SSL 3.0 access immediately.  We will be using TLS 1 and above moving forward. The internet is full of bugs and vulnerabilities hence OrangeHRM constantly monitors server traffic and implement mechanisms to prevent attacks while our researchers try to exploit vulnerabilities and fix them before they get into the wrongs hands.

On-Premise and Third Party Hosting

The POODLE vulnerability is an attack between the users and servers and not with OrangeHRM application we urge you to check your servers or contact your hosting service providers to ensure your company information is not vulnerable.

For more information please contact the OrangeHRM Managed Services Team.


Interview with Erin Osterhaus - HR Industry Expert

Posted in General  by Shaun Bradley No Comments

OrangeHRM recently spoke with Erin Osterhaus, a human resources industry expert and researcher. Erin works as the HR market research associate for Software Advice, an online review firm for human resources software, and often writes about market trends and best practices. So, we asked Erin about her predictions for the future of HR and technology, and gathered her thoughts on software awareness among HR professionals as well as security concerns within the industry. Check out her thoughts and opinions below.

What are the new trends with HR Management Technology?

Mobile recruiting is a relatively recent phenomenon in the recruitment world. Smartphones and tablets haven’t really been around all that long—the release of the first iPhone was only six years ago. But mobile has become an increasingly important tool for recruiters who want to remain competitive when sourcing and engaging talent. In fact, many companies now report that 20 percent or more of their career site traffic comes from mobile devices, and the mobile job search is doubling each year.

With all those stats in mind, the first step any company should take is to ensure that their career site is mobile optimized—meaning its easily viewable on a cell phone or tablet. Any step after that will be a bonus.

What is the level of open source software awareness among HR folks?

Given that Software Advice’s 2014 HR BuyerView report found that almost 40 percent of HR software buyers were evaluating software for the first time, I suspect that awareness of open source technology isn’t extremely prevalent among HR professionals.

What are most critical HR functions HR Managers look in a HR management software?

In our BuyerView report, we found that HR professionals most often seek out new software in order to help them better manage their hiring process. In fact, we found that 40 percent of buyers were seeking an applicant tracking system. The next most sought after functions were time and attendance and performance reviews.

Data protection and security concerns are at an all time high, how does this impact HR tech?

Many of the buyers we speak to at Software Advice are purchasing software for the first time. They’re replacing spreadsheets and email with a dedicated software system to handle their needs. Additionally, we found that 77 percent of these buyers are purchasing software that is Web-based, meaning it’s hosted on third-party servers and updated regularly by the vendor.

In my opinion, storing employee information using Web-based software is much more secure than relying on spreadsheets and email. Maintaining security then lies with the software vendor, which has the resources required to stay up-to-date on the latest security processes—a statement that isn’t always true about small businesses without their own designated IT departments—as well as a vested interest in protecting their clients’ data.


After speaking with Erin, we can conclude that success in the HR industry is heavily reliant on the implementation and proper utilization of fully functional software. HR managers often seek new software solutions to increase workplace efficiency and improve overall business performance. And since mobile tools have become so important, HR managers and industry professionals need to clearly understand how to use the latest mobile tools in order to continue to perform at a high level. Overall, technology is improving the way HR professionals do their job, and understanding the latest tools and available software is a great way to stay ahead of the curve in our tech-focused industry.

All answers provided by Erin Osterhaus, HR researcher at Software Advice.


Copyright © 2018 OrangeHRM Inc All rights reserved. Powered By WordPress