I'm sure you'll have something interesting, worth recording!

I think we need to take a serious look at the "many eyes" theory because of this. Apparently, there were no eyes on the part of parties that did not wish to exploit the bug for close to two years. And wasn't there just a professional audit by Red Hat that caught another bug, but not this one?

I have to say I'm even less confident in the plan to couple it to DNSSEC.

Sure. We're better. But we need to be even better than that.

I'd say more than just the "community". We have a great many companies that incorporate this software and generate billions from the sales of applications or services incorporating it, without returning anything to its maintenance.I think it's a sensible thing to ask Intuit, for example: "What did you pay to help maintain OpenSSL?". And then go down the list of companies.

I think that NSA has good coverage and analysis tools. They probably knew of Heartbleed, and they probably know of dozens more flaws like this.

I will be glad, when they cease to exist.

Thames Valley? Hardly a desert, m'boy! Except culturally. Norman churches. That's still the talk of the town!

"Google for your 'one ring'! Get your 'one ring' here at Google!"

OK guys. We've promoted Open Source for decades. We have to own up to our own problems.

This was a failure in the Open Source process. It is just as likely to happen to closed source software, and more likely to go unrevealed if it does, which is why we aren't already having our heads handed to us.

But we need to look at whether Open Source projects should be providing the world's security without any significant funding to do so.

Of course I can ignore words. But some words matter, and some don't.

One turd, not several. Wow. :-)

Linky linky.

Here's your 3D dustbowl.

It's not like clean, potable water is a limited and in-demand resource for anything more valuable than looking at Minecraft, or architectural renderings of a new home for Larry Ellison.

In case you've been sleeping under a rock, this is the 21st Century. Not knowing something doesn't stop the media from reporting on it.

Feel free to start such a team, and get that competing implementation going.