Saturday, April 12, 2014

World Serves Its Own Needs, Listen To Your Heartbleed

The Heartbleed bug has been in the news, and whenever information technology gets in the news, it means a whole-lotta-cringing for me as I watch journalists who can't figure out the camera on their iPhones try to explain new tech concepts.

This time the big revelation for me is: I can't believe how many people don't know what a "bug" is. I don't expect everyone to know the story about Grace Hopper pulling the moth out of the UNIVAC, but I thought everyone knew the word "bug" refers to an inadvertent error in software. Yet I keep hearing talking heads describe the bug as having "spread to two-thirds of the Internet." Bugs don't spread; they're either there or they're not. You wouldn't say that the GM ignition flaw has spread to five different models of cars.

There's been some confusion over Heartbleed. I've seen several contradictory lists of which web sites were affected. The disagreement seems to stem from the fact that the company that found the bug was nice enough to inform some major web sites before it was made public, so they were able to fix things before anyone knew about the vulnerability. So if you have sensitive data with any of those sites, you'll be safe, as long as you assume no one else knew of this vulnerability until it was publicized.

But here's the strange thing. I've worked on countless bugs over the years, and few of them developed their own names. None of them had their own symbols. So what gives here? Both the name and logo come from Codenomicon, the company that discovered it. Apparently they figured that a massive hole in two-thirds of all web sites might not get enough publicity on its own, so they'd better give it a bit of a PR push. They even got the bug its own web page with its own domain. And that exposes the questionable background of many of these software vulnerabilities. They're found by security consultants. The media does stories on them in which they quote security consultants on how severe the problem is. Everyone gets worried, so businesses rush off to hire security consultants.
