Heartbleed Disclosure Timeline Revealed

Heartbleed Disclosure Timeline Revealed 62

Posted by samzenpus on Monday April 14, 2014 @06:10PM from the when-did-you-know dept.

bennyboy64 (1437419) writes "Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 3. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL."

Heartbleed Disclosure Timeline Revealed

Search 62 Comments Log In/Create an Account

Comments Filter:

Re:"Independent" discovery? (Score:5, Funny)

by briancox2 ( 2417470 ) writes: on Monday April 14, 2014 @06:47PM (#46751685) Homepage Journal

That's what Newton said to Leibniz.

Re:"Independent" discovery? (Score:5, Funny)

by JustOK ( 667959 ) writes: on Monday April 14, 2014 @07:07PM (#46751809) Journal

Or NCC-1701-D

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Heartbleed Disclosure Timeline Revealed 62

Heartbleed Disclosure Timeline Revealed More Login

Heartbleed Disclosure Timeline Revealed

Re:"Independent" discovery? (Score:5, Funny)

Re:"Independent" discovery? (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot