UPDATE:1/12/2018 - DocuSign Meltdown and Spectre Response Status
Our security and engineering teams have completed validation testing and have been actively rolling out patches to address the Meltdown and Spectre vulnerabilities across all of our environments. We have taken a methodical approach to remediation using a canary system with telemetry and monitoring as a guide to ensure customers continue to have a stable, performant and secure experience on our platform.
DocuSign has prioritized and remediated devices in a deliberate manner using a risk based approach working diligently over the past week and patching the vast majority of our infrastructure. Next steps are to continue remediation for all remaining devices and as additional vendor patches become available we will continue testing and deploying in the same manner.
Our Incident Response team continuously monitors our systems for any evidence of attempts to exploit vulnerabilities such as 'Spectre' and 'Meltdown' and we have seen no indications of attempts to target our platforms using these vulnerabilities.