Comment by eastdakota
12 years ago
That's not correct. One of the individuals who discovered the bug contacted us as a large provider of SSL termination services. We were asked not to further disclose the details until it was officially patched and announced by OpenSSL. The official announcement occurred today, after which we put up a post to let our customers know that they were protected.
I wonder who else was notified early? I noticed Apple's ocspd was downloading an unusual amount of data back on March 31. Could be unrelated, but Apple and other big software vendors would make sense for early notification.
Ah, my apologies. That's unfortunate, though, that OpenSSL doesn't have such a list, and that a larger population was not necessarily contacted.
Thank you for the information, though.