Why is Heartbleed called Heartbleed?

Heartbleed Explanation

After a week of unescapable coverage on tech blogs and news sites, it’s probably safe to say most of us now know what Heartbleed is. The positively terrifying OpenSSL vulnerability affected an estimated 66% of the entire Internet at the time of its discovery, and passwords for many big sites including Yahoo, Flickr and thousands more were at risk. Sure, we all know what Heartbleed is, and now, thanks to a simple browser plugin, we know how to avoid websites affected by Heartbleed. What most people don’t know, however, is how Heartbleed got its name.

In an interview with Vocativ, Codenomicon CEO David Chartier gave the world the backstory on Heartbleed, including exactly how and why the bug got its name. Codenomicon is a cybersecurity company based in Finland, and it was the first to discover the Heartbleed vulnerability.

Chartier explained that the bug was first referred to as “CVE-2014-0160,” which was a designator that referenced the line of code containing the bug. As huge as this was, however, they apparently decided it needed a catchier name.

And that’s when one Codenomicon developer — Ossi Herrala — got the idea to call it Heartbleed.

“There’s an extension on OpenSSL called Heartbeat,” Chartier said in the interview. “[Herrala] thought it was fitting to call it Heartbleed because it was bleeding out the important information from the memory.”

Simple, catchy and memorable. Heartbleed it is.

The company then whipped up a logo and a FAQ, and the rest is history.

“Our mission is to make the Internet safer,” Chartier noted. “I’m happy to see the overall community response. The IT security community has really taken this and done a lot with it. I think it’s a tremendous community effort here.”

If you have an account on a site known to have been affected by Heartbleed, head over to this post to learn exactly what you need to do.

Source:
Vocativ
blog comments powered by Disqus