The Heartbleed vulnerability is only rated as “moderately critical” by Secunia. Secunia Research classifies vulnerabilities by rating the severity of vulnerabilities from 1: “ not critical” to 5: “extremely critical.” Going by the PR Heartbleed received, you would be excused for thinking that what we were dealing with here was, indeed, “extremely critical.” The Heartbleed vulnerability was in fact only rated as a 3 of 5 by Secunia: “moderately critical” “The reason it caused so much trouble was an unfortunate combination of timing and unsuccessful coordination. In the course of the week between the initial discovery by Google and the vendor advisory disclosure, and the release of the patch, a number of organizations such as Akamai, Facebook, and Cloudflare were aware of the vulnerability and have committed patches to their own services.
So, to sum it up: the unsuccessful coordination preceding the disclosure of the vulnerability meant that everybody had to play – and are still playing – catch-up, trying to contain the damage.Who reported what to whom? And what did they do about it? Here is the full overview of the Heartbleed train wreck in the Secunia Infographic
About Secunia
Secunia is recognised industry-wide as a pioneer and global player within the IT security ecosystem, in the niche of Vulnerability Management. Our award-winning portfolio equips corporate and private customers worldwide with Vulnerability Intelligence, Vulnerability Assessment, and automated Patch Management tools to manage and control vulnerabilities across their networks and endpoints.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.