On the question of whether this is the biggest threat, Gartner security analyst Avivah Litan commented to us that "it depends how you look at it." She pointed out that, "as long as it's fixed," it is a manageable issue. On the bright side, Litan said, the disclosure of the bug and the quick fix "is what open source is all about."
"Who knows," she said, "if a big company had discovered this kind of error, would they have [similarly] publicized it?"
Litan also said that cybercriminals apparently were equally in the dark about the existence of this flaw, because, if they had known, they would have been using it over the last two years "to grab everything in memory." But, she said, "cybercriminals have not been using this vector, as far as we've been told."
Half-jokingly, she noted that it remains to be seen if the U.S. National Security Agency has been tapping into sites over the last two years through Heartbleed.