I wanted to find out how other organizations are handling UF updates. Do you have any formal process in place? Tools that you use to do this? This is related to the heartbleed vulnerability. Although we understand that the risks are very low for internal machines, our policy dictates that we take care of all vulnerabilities.