[ISN] Heartbleed a Year Later: How the Security Conversation Changed

http://www.eweek.com/security/heartbleed-a-year-later-how-the-security-conversation-changed.html By Sean Michael Kerner eWEEK.com 2015-04-07 A year ago today (April 7), I first saw the OpenSSL advisory about a new security vulnerability identified as CVE-2014-0160 and titled “TLS heartbeat read overrun.” When I first wrote my article for eWEEK on the issue, I identified the flaw as the Heartbeat SSL flaw. By the middle of the day on April 8, my editors at eWEEK were asking me if I had mislabeled the story since other publications were calling it Heartbleed. Time sure does fly. The name Heartbleed is the branded term that security firm Codenomicon came up with. They also branded the vulnerability in a way that I had never seen before, but has since become a model that other security vendors have tried to emulate. The Codenomicon-branded Heartbleed had its own logo and an easy-to-follow description of the flaw and the actual risks. As it turned out, the issue was also discovered by Google security researcher Neil Mehta. Both Mehta and Codenomicon were awarded the Black Hat 2014 Pwnie award for Heartbleed in the category of best server-side bug. […]