Threatpost: It’s been more than two months since news broke of the Heartbleed vulnerability in OpenSSL, one of the Internet’s most widely deployed cryptographic libraries. In the days and weeks that followed the emergence of the bug, which affected an unknown but arguably vast swath of the Web, vendors were quick to provide patches. However, new research suggests the zeal to fix the widely publicized bug may be waning.
Robert Graham, a security researcher and the owner of Errata Security, has been tracking the patch progress for Heartbleed since shortly after it emerged. Just days after Heartbleed became known, Graham performed a scan of port 443 traffic and found that 615,268 machines were vulnerable. A month after that, Graham performed a second scan of port 443 and found 318,239 machines vulnerable. On Saturday, he performed a third scan, finding that 309,197 machines remain vulnerable.