Interweb has staunched nearly all Heartbleed wounds, says crypto bod



Just a few weeks after discovery ... well, that was quick

By John Leyden, 30 Apr 2014, Infosec

The Heartbleed password-leaking vulnerability in OpenSSL has almost been eradicated from the web just weeks after its discovery, according to an encryption expert.
 
Ivan Ristic, director of engineering at cloud security firm Qualys, estimates that 25 per cent of websites worldwide were vulnerable to the data-disclosing bug on 8 April – a figure that has dropped to less than one per cent just three weeks later, he claims.
 By comparison, eight per cent of websites are still vulnerable to an insecure renegotiation problem discovered in 2009, he says. "Insecure Renegotiation is bad but not in the same level as Heartbleed, but even so the rapid pace of patching against Heartbleed is unprecedented" and "shows that we can do it if we apply ourselves", according to Ristic.
 
Melih Abdulhayoğlu, the founder of security firm Comodo, told El Reg that the certification authority had issued tens of thousands of fresh SSL/TLS certificates after word of the Heartbleed bug spread on 8 April. "Everyone realised it was a problem and updated quickly," according to Abdulhayoğlu, who added that Comodo had decided not to charge for reissued certificates.
 
 
 
 
Classic...how to make a failure sound like a such...we let it happen but sorted it in a short space of time...why let it happen in the first place...LOL
