by jacquesm
4400 days ago
Searching for vulnerabilities is just like mining for gold: you go for the richest veins first and OpenSSL is deployed widely enough and in enough places where it really matters that it is currently a priority item. I guess until a couple of weeks ago OpenSSL was 'one of many other critical pieces of software that have nowhere near the level of scrutiny that WordPress (and I know you don't mean Wordpress) is receiving currently'. So we'll see a re-focusing on other software when people feel that either the OpenSSL well of exploits has at least temporarily dried up or when something else that is crucial breaks. But as long as vulnerabilities in OpenSSL are discovered at this rate it seems to be an effort well spent, and we will all reap the benefit of that effort. Heartbleed really shook the IT world; I don't know anybody in operations that was not affected by it. (And I can hear them collectively sighing right now). If there was a Richter scale for exploits it would have rated a '9'. It's a bit like the news cycle, these things tend to burn out. But right now OpenSSL exploits are very much in the spotlight, and guarantee almost instant fame for the person discovering one. So I think we'll see a few more of these before it will quiet down. (I actually hope that we won't see more of these but given the past couple of weeks that hope is not very realistic).

Having been around in the '90s, with the instant root shell exploits and whatnot, I tend to think of Heartbleed as more of a 6.