by brianwski
4390 days ago
Original author here -> technically Heartbleed was not a bug in the OpenSSL low-level library, it was specifically an HTTPS bug (it was a bug at a higher level than the library I'm saying I liked then and still like). Specifically, it was a bug in the "Heartbeat Extension for the Transport Layer Security" protocol (the HTTPS level is the TLS layer; the underlying encryption functions did not have this particular bug). All that is a technicality; software has bugs. Heartbleed was a particularly bad security bug. This doesn't mean you throw out the baby with the bath water. As a society we all use HTTPS and it had a bug -> so we fix this bug and move on as best we can. As far as I know, something like 99 percent of routers and operating systems such as Linux, Macintosh, and Windows use the OpenSSL library, and it has very little to do with Heartbleed. On the other hand, it is fairly important that your system vendor stays on top of security patches and applies them. OpenSSL is software, and therefore has bugs. But the OpenSSL encryption layer did not contain the Heartbleed bug. Or, put differently, the OpenSSL encryption libraries that encrypt AES-128 and AES-256 had nothing to do with Heartbleed, and those are the parts we continue to use at our company completely for free, without paying any royalties to anybody, and they are a lot more secure than anything we could have hand-rolled ourselves even if we took years to do it.