The Heartbleed bug dates back to December 2011. Why did it take researchers so long to find it?

ITKE ITKE Profile: ITKE
Tags:
Heartbleed

5 Replies to this discussion

 
  • Margaret Rouse
    A former colleague would answer this question with one word: SNOWDEN. He believes the bad code was known (or heaven forbid, even paid for) by government agencies who relied on the bug for intelligence. His epic rant last night on "the incredible coincidence of two separate groups of researchers simultaneously finding the bug" almost had me reaching for my tin foil hat.
  • Ben Rubenstein
    Sounds like your friend is fun at parties. :) While recent revelations make conspiracy theories like that easy to believe, I'd say it's probably more likely that the open source code is just really complex and it's not easy to find these sorts of vulnerabilities. Who knows what else has been lurking for years?
  • Margaret Rouse
    Well, there sure are a lot of coincidences surrounding Heartbleed that would make a good novel. The fact that the bad code went live right before midnight on New Year's Eve is just a bonus! (Remember that movie with Sean Connery and Catherine Zeta-Jones where they planned a theft in Kuala Lumpur for the final seconds of the millennium countdown?)

    Seriously, though, it's kind of amazing that Dr. Robin Seggelmann has come forward to acknowledge that he is the one who made the coding error and that it was an honest mistake, having nothing to do with surveillance.
  • Ben Rubenstein
    Sure, but isn't that just what someone involved in surveillance would say? 
  • Kevin Beaver
    Great points, Ben and Margaret. I'll also add that, surveillance theories aside, as much as researchers hold themselves on pedestals, they're not all-knowing. Smart? Sure. Way smarter than me. But, like doctors that so many in society like to believe have all the answers, they're human. They have oversights and make mistakes like the rest of us.

    I'd venture to guess that such a flaw might not be readily apparent to the human eye or even source code analyzers. But who am I to speculate. I'm still suspect of the whole Heartbleed thing - surely some government agency (higher power) is looking after us and has a bigger plan for the greater good.