A few days ago security researchers disclosed the HeartBleed bug in the OpenSSL, but the story behind how other companies used it against their rivals was unknown until a report came out about it. In some recent reports Google has been accused of not disclosing the bug to the Open Source community and to its rivals.
Keeping the users’ security at a stake, only a few more organizations and companies were made aware of this devastating bug, According to the Fairfax Media, the bug came in knowledge of Google on or before March 21 and then it followed a few other giants in the industry.
In a timeline of events compiled by the Fairfax Media it was clearly mentioned that the Google notified the OpenSSL about it with a delay of 11 days. The bug was brought under the notice on the April 1. Till the bug was publicly disclosed, none of the companies including Yahoo and Amazon were aware of it and atleast for 48 hours they stayed with the vulnerability. But excluding them, the bug was notified to few other companies, including Facebook, Cloudfare, Redhat and Akamai, almost a day before it was disclosed.
Also a few days ago, Google came up with a blog post stating that the company has patched all of its major services, including YouTube and GMail, and are now secure to use. We reported that, Google in a blog post stated, “You may have heard of “Heartbleed,” a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth. Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services.”
Although the company didn’t gave a direct answer, a spokesperson said, “We aren’t commenting on when or who was give a heads up. The security of our users’ information is always a top priority”. We now are forced to believe that the Google patched all of its services even before the bug was disclosed.