Julien Goodwin wrote:
On 07/05/14 12:31, Trent W. Buck wrote:
The *only* reason heartbleed is getting mainstream media attention, is because the researchers invested more effort into registering a catchy domain name and designing a cute logo, than on responsible disclosure.
Given they're my coworkers I take umbrage to that. The Finnish team who (apparently) rediscovered this after it was already disclosed to the OpenSSL team by researchers at Google did do some of the publicity, but by that point the patch was already ready, the openssl team were simply taking time on the release to try and coordinate it.
I've seen nothing showing anything but responsible disclosure from all sides on this issue (others, even others involving Google researchers sure).
Shrug. If I'm poorly informed, I apologize. Certainly I'm not happy with the OpenSSL people, either :-)