Back to News Archive

Heartbleed Bug Remained Undiscovered Until Public Reveal

September 19, 2014  Malware News

Headlines this past spring on a vulnerability in the OpenSSL cryptographic library likely were the first time most people became aware of the flaw, reports researchers from several U.S. universities. Their analysis outlined in a 14-paged paper found no evidence the OpenSSL vulnerability was used by any entity, including government surveillance, before the mass notification was issued in April 2014. However, just hours after the flaw was revealed, exploits began targeting what became known as the Heartbleed bug. These researchers question the effectiveness and delivery of mass notifications, and how the technology community should handle a similar situation in the future.

Back to News Archive