The three possible responses to Heartbleed

There really are three things you'll see from vendors about Heartbleed:

  • We don't update our packages very often. (i.e., RUN AWAY RUN AWAY)
  • We use a Microsoft stack for all our web stuff (i.e. RUN AWAY RUN AWAY)
  • Our install was vulnerable, and here's what we've done to fix things. (correct response)
2 responses
How about a fourth one, "Our install was not vulnerable. We checked, and none of our SSL installations use [the vulnerable versions of] OpenSSL"?
Stilgherrian
@Stilgherrian: That's the first one.
Simon Rumble
Add Website URL »