Google knew about Heartbleed for around a month and never told anyone


For the past week, a lot of the tech world has been trying to figure out what to do about the Heartbleed bug, which has the potential to compromise the security of any website that uses the OpenSSL encryption library. However, The National Journal reports that Google got a big head start on patching Heartbleed because it discovered the security hole back in March and never told anyone else about it.

In some ways this isn’t too surprising since companies often make sure to patch their own websites and services when they discover security flaws before telling the world about them. However, The National Journal notes that “keeping the bug secret from the U.S. government may have left federal systems vulnerable to hackers” and that Google maintained complete silence about Heartbleed even though “the government encourages companies to report cybersecurity issues to the U.S. Computer Emergency Readiness Team, which is housed in the Homeland Security Department.”

While the government is probably annoyed that Google never told it about Heartbleed when it learned of it last month, Google users can at least be happy that the company has already started fixing flaws in its websites that could leave them vulnerable. Over the next several weeks, tech companies are going to be revoking their security certificates and issuing new ones to protect against hackers stealing and copying the certificates that they were using before the Heartbleed bug was unveiled.

This will likely mean some serious disruptions for popular websites, but Google sites might operate more smoothly if the company has already started replacing its security certificates before everyone else rushes in and tries to do the same.
