by robertgraham 4442 days ago
Because Snort's signatures can't detect 'heartleech'.

But most other IDSs can, such as Bro.

Unless there is a tool that demonstrates this, people won't believe that there is a difference between Snort and Bro, because existing tools don't show a difference.


You didn't address what I wrote. The demonstration didn't require the extraction of private key material from servers, because that's not the bug. The difference between Bro and Snort has nothing to do with private key material.

People are good at convincing themselves there is no problem. Vendors are good at convincing people there is no problem. The demonstration has to hit them over the head with the obviousness of the exploit. If the private key pops up automatically, and a sensor didn't detect it, they have to believe. Otherwise, when the sensor doesn't fire, they'll believe that the exploit is at fault.