The Heartbleed bug was disclosed with an unforgettable name and a cute logo, promoted by the company that first spotted it.
The defect was caused by a simple coding error and facilitated massive leaks of passwords and security credentials from many websites that used "secure" SSL connections.
"I think the name, logo and website helped fuel the community's interest," said David Chartier, CEO of Codenomicon, the security testing company that found the bug on April 3.
"The IT community and the press have become important players in disseminating information, and too many affected websites have already identified the problem," Chartier added.
"It happened extremely quickly, and I think it's because the bug had a name, a catchy logo that people remember, which really helped the speed with which the world became aware of the fact."
"The Heartbleed logo is probably one of the highest ROIs (considering $200 spent) in the history of software security," writes Patrick McKenzie, founder of Kalzumeus Software. Guardian.
"Why spend extra money on a logo? Because it shows professionalism and special effort, because it will be fully utilized by the media to cover the vulnerability, because it goes further by linking to a vulnerability brand, name, logo, and regular web presence, and because it also shows the risk."
"We found the bug on April 3, and reported it to the Finnish CERT on Friday 4," says Chartier. "On Monday, CERT Finland reported the bug to OpenSSL, and on April 7, OpenSSL published the advisory bulletin and released the vulnerability fix. Soon after, we developed the website."
Codenomicon discovered the flaw while testing its own software. The company makes programs that allow developers to automatically detect security leaks, using an approach known as "fuzz testing." When they ran the test on their website, they discovered Heartbleed, and very quickly realized that "it was very important."