Is it a lack of awareness, a lack of understanding, or a lackadaisical and ad hoc response to an emergency that has severely shaken the security world and, along the way, damaged the reputation of open source software?
Since the Heartbleed security flaw was discovered two months ago (Heartbleed, the greatest security flaw to hit the web), action on putting the vulnerability to rest has been painfully slow.
Corrective action taken after the event is reactive, which is less desirable than action taken before the event, that is, a preventive or proactive approach. In this case, despite the warnings from security experts about the impending threat, the response so far has been lukewarm and half-hearted.
Robert David Graham of Errata Security, who initially announced after the discovery of the flaw that 600,000 servers were at risk, revised that figure two months later to 309,197 servers. That means a whopping 51.5% of the servers identified have still not been patched!
It is a callous attitude, betrayed by the high priests of security, that leaves customers' confidential and sensitive information vulnerable to a man-in-the-middle attack.
It is a grave situation indeed: a large number of servers running OpenSSL (which is very widely deployed) are vulnerable to the Heartbleed bug, which lets a person with malicious intent read the data passing between the client and the server, so many people are at risk of having their information up for grabs.
The main things for server administrators to do are to update OpenSSL to the latest version and to revoke and reissue existing security certificates.
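As an added illustration of those two administrator steps (example code, not from the original post), the following Python helpers decide for one host which step is still outstanding. The affected version range (1.0.1 through 1.0.1f plus the 1.0.2 betas), the date handling and the host inventory are assumptions and constructed samples, not facts taken from the post.

```python
import re
from datetime import date

# `openssl version` prints e.g. "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.2-beta1 24 Feb 2014".
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(-beta\d*)?", re.IGNORECASE)

def is_vulnerable_version(version_string):
    """True if the string names an upstream release that shipped the Heartbleed bug
    (assumed range: 1.0.1 through 1.0.1f and the 1.0.2 betas; 1.0.1g and later are fixed).
    Caveat: distributions backport fixes under the old version string, so True means
    "check the package changelog", not "confirmed vulnerable"."""
    m = _VERSION_RE.search(version_string)
    if m is None:
        raise ValueError("unrecognised OpenSSL version string: %r" % version_string)
    release = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter, beta = m.group(4).lower(), m.group(5)
    if release == (1, 0, 1):
        return letter < "g"          # "" (plain 1.0.1) and a..f sort before g
    if release == (1, 0, 2):
        return beta is not None      # only the beta builds carried the bug
    return False                     # 0.9.8 / 1.0.0 never had TLS heartbeats

def certificate_needs_reissue(cert_not_before, patched_on):
    """A key that was in service while the host ran vulnerable code may have leaked.
    Arguments are ISO dates (YYYY-MM-DD); a certificate issued after the patch only
    counts as safe if it was issued with a freshly generated key."""
    return date.fromisoformat(cert_not_before) < date.fromisoformat(patched_on)

def remediation_actions(version_string, cert_not_before, patched_on=None):
    """Which of the two administrator steps are still outstanding on one host.
    patched_on: ISO date a fixed build was installed, or None if the host is still
    unpatched or never ran an affected version."""
    actions = []
    if is_vulnerable_version(version_string):
        actions.append("update OpenSSL to a fixed release")
        actions.append("revoke and reissue certificate")  # key exposed until then
    elif patched_on and certificate_needs_reissue(cert_not_before, patched_on):
        actions.append("revoke and reissue certificate")
    return actions

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [("web-1", "OpenSSL 1.0.1e 11 Feb 2013", "2013-06-01", None),
                 ("web-2", "OpenSSL 1.0.1g 7 Apr 2014", "2013-06-01", "2014-04-09"),
                 ("web-3", "OpenSSL 1.0.1g 7 Apr 2014", "2014-04-10", "2014-04-09")]
    for host, ver, not_before, patched in inventory:
        print(host, remediation_actions(ver, not_before, patched) or ["nothing outstanding"])
```

A host that was patched but still serves a certificate issued before the patch date is the case the post's second step is about: the upgrade alone does not undo a key that may already have been read out.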
Let us hope that most, if not all, of the servers are soon updated and safe from this vulnerability, which some regard as the biggest in the history of the Internet, affecting even giants like Google and Yahoo.