heartbleed
Safeguard articles tagged "heartbleed" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Heartbleed (CVE-2014-0160) Explained: When OpenSSL Leaked Memory to Anyone
CVE-2014-0160, Heartbleed, let remote attackers read up to 64KB of an OpenSSL server's memory per request — private keys, sessions, passwords. Here is the missing bounds check that caused it.
Heartbleed OpenSSL vulnerability retrospective
A decade later, Heartbleed (CVE-2014-0160) still explains why software supply chain visibility matters: severity, timeline, and remediation steps revisited.
What Was the Heartbleed Bug
A deep dive into CVE-2014-0160 (Heartbleed): the OpenSSL heartbeat flaw, its severity, exploitation timeline, and how to remediate it today.
Heartbleed OpenSSL memory disclosure (CVE-2014-0160)
Heartbleed (CVE-2014-0160) let attackers silently read server memory over TLS. Here's the impact, timeline, remediation, and how to detect lingering exposure today.
OpenSSL Project Governance: Security Lessons from Heartbleed and Beyond
OpenSSL's transformation from a two-person project securing half the internet to a properly governed foundation offers a blueprint for open source security governance.
Heartbleed at Five Years: A Practitioner Retrospective
Five years after CVE-2014-0160, Heartbleed still shapes how we think about shared cryptographic libraries, disclosure ethics, and open-source funding.