View Single Post
billybobsky
BANNED
I am worthless beyond hope.
 
Join Date: May 2004
Location: Inner Swabia. If you have to ask twice, don't.
 
2014-04-08, 11:11

To be fully robust here: I am not sure your interpretation meets both the evidence at hand (the citation within the blog post), and the textual statements you cite as evidence that they dropped the bombshell -- that CloudFlare 'revealed... details about the security hole and that they've fixed the bug' does not mean they announced it. The fact is that CloudFlare says the vulnerability was announced by the OpenSSL people (it was: http://www.openssl.org/news/secadv_20140407.txt), but perhaps you are right in saying that they made it known to more laypeople -- yet again, the blog post reveals that companies have known about this for a while and have been fixing it prior to the announcement. Those in the business probably follow OpenSSL's pages, and everyone else is left scrounging for whatever press reports or blags come out.
  quote