This week the International Earth Rotation and Reference System Service announced they will add a leap second to Coordinated Universal Time (UTC) on June 30, 2015 at 23:59:60 UTC. Qualys has completed our assessment of the Qualys Cloud Platform and its sensors (scanners), and we do not expect any impact or adverse effect.
The International Earth Rotation and Reference System Service (IERS) is a worldwide organization based in Paris, France that observes the Earth’s rotation irregularities and compares it to atomic time. When the difference between the Earth rotation and atomic time becomes greater than 0.9 seconds, they order a leap second to be added worldwide. Since 1972 a total of 25 leap seconds have been added, and the one scheduled for June 30, 2015 is the 26th.
In the time since Qualys was founded in 1999, there have been leap seconds in 2005, 2008 and 2012, all with no reported impact to Qualys systems or customers.
About Leap Seconds
Due to unpredictable irregularities in the Earth’s rotation, it is possible for a difference in astronomical and atomic time to occur. When that difference of exceeds 0.9 of a second, the IERS calls for a leap second to be added (positive) or subtracted (negative) to/from the Coordinated Universal Time (UTC).
Time is an important component of modern computing, with many equipment, software, and applications relying on Coordinated Universal Time (UTC) to function effectively. This makes the introduction of the leap second an important consideration for all technology and service providers.
The 2012 Leap Second
The 2012 leap second impact was felt mostly on online applications and massive global applications managing massive amounts of global transactions like in the travel and financial market sectors that had a dependence on UNIX-based systems and their particular rigidity in perceiving time. Since that time many solutions have been provided.
How Qualys Will Respond to the 2015 Leap Second
We are not expecting an impact to our services and products. Qualys Operations will be monitoring for any possible anomalies, and any updates or changes will be transparent to the user.
Leap seconds are not a product security vulnerability and are not currently exploitable. However, we cannot rule out the possibility of impact on untested systems, and therefore leap seconds have been classified as a product bug and managed accordingly.
In the case of an anomaly detected that will require a fix, the change will be applied as a hot fix with priority and will be transparent to the user.