This month marks one year since the infamous Apache open source vulnerability was first disclosed. SC Media spoke with security researchers who said that widespread exposure remains rampant as the sky-high costs of detection and remediation start to come into focus.
The announcement has been noteworthy as this is only the second time OpenSSL has classified a flaw as “critical” since the Heartbleed bug in 2014. It has also been somewhat controversial among the security community, with some questioning whether the OpenSSL project's decision to go public about the vulnerability before the patch gives attackers more opportunities to exploit it.