The Heartbleed encryption vulnerability is perhaps the most serious Internet security flaw in recent memory, affecting hundreds of millions of people. The Heartbleed flaw is found within OpenSSL, an open-source cryptographic library used for the Secure Sockets Layer (SSL), which is widely deployed on Linux servers and Internet infrastructure around the world.
What is perhaps not as well-known in the media circus surrounding the Heartbleed issue is how this critical security issue has been packaged and branded from day one. Unfortunately, it is also a flaw that suffered from a broken disclosure process that only served to add further fuel and anxiety to the security risk.
On April 7, the original OpenSSL advisory was first issued, which did not refer to the flaw as “Heartbleed,” but rather as a “Heartbeat” flaw in OpenSSL. Heartbeat refers to the technical monitoring function that the feature provides within OpenSSL.
The name Heartbleed, as well as the well-designed logo that has been reused in countless media reports, is the creation of security research firm Codenomicon. Along with Google security researchers, Codenomicon is taking credit for the initial discovery of the Heartbleed flaw.
Read the full story at eWEEK:
Heartbleed SSL Flaw Angst Aggravated by Broken Disclosure Process
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.