When the news broke in April, a flurry of stories explained how server operators would need to update their software and replace encryption certificates to secure themselves. (Via Mashable,Symantec, CloudFlare)
And users were in most cases told to wait for server admins to get on with it before they updated their passwords — since no changes would be secure until the underlying OpenSSL was.
The worry today is if a third of a million servers haven’t patched up by now, they never will.
"Sites with sub-par security standards [will] continue to leave themselves — and their users — exposed," says The Verge. "The danger is particularly real now since the exploit has been widely publicized."
Graham plans to update the Errata blog with a new vulnerability count next month, and again at the six-month milestone.