

Ask HN: Is Heartbleed just another Y2K - dashausbass


======
jmsduran
I do not personally believe so. Much of the fear and paranoia surrounding
Y2K never materialized. Most organizations and companies made sure any of
their affected systems were patched/updated prior to the year 2000. Heartbleed
represents a rather different scenario. One where a very serious, unpatched
bug was out in the wild for at least 2 years. And nobody really has an idea of
the degree to which this bug was used for exploits.

Comparing the two is like comparing apples to oranges, if you ask me.

------
wglb
No, as there was a lot of warning. Many enterprises spent the two or three
years prior to it patching or (less often) reengineering systems, and folks
were on watch during the last month of 1999 and first week or so of 2000.

Many very large dollars were spent.

Heartbleed, on the other hand, came out of nowhere.

