Information Security News mailing list archives

Heartbleed a Year Later: How the Security Conversation Changed


From: InfoSec News <alerts () infosecnews org>
Date: Wed, 8 Apr 2015 09:32:02 +0000 (UTC)

http://www.eweek.com/security/heartbleed-a-year-later-how-the-security-conversation-changed.html

By Sean Michael Kerner
eWEEK.com
2015-04-07

A year ago today (April 7), I first saw the OpenSSL advisory about a new security vulnerability identified as CVE-2014-0160 and titled "TLS heartbeat read overrun."

When I first wrote my article for eWEEK on the issue, I identified the flaw as the Heartbeat SSL flaw. By the middle of the day on April 8, my editors at eWEEK were asking me if I had mislabeled the story since other publications were calling it Heartbleed. Time sure does fly.

The name Heartbleed is the branded term that security firm Codenomicon came up with. They also branded the vulnerability in a way that I had never seen before, but that has since become a model that other security vendors have tried to emulate. The Codenomicon-branded Heartbleed had its own logo and an easy-to-follow description of the flaw and the actual risks.

As it turned out, the issue was also discovered by Google security researcher Neil Mehta. Both Mehta and Codenomicon were awarded the Black Hat 2014 Pwnie award for Heartbleed in the category of best server-side bug.

[...]


