Codenomicon is having its cake and eating it, too.
Engineers at the security company discovered on April 4 the flaw in the cryptographic protocol OpenSSL and christened it the Heartbleed bug (see: Heartbeat Bug: What You Need to Know) . Then, in a combination of a public service and savvy marketing, the company created Heartbleed.com to help IT and security practitioners understand and mitigate the vulnerabilities Heartbleed poses.
And, a graphic artist at Codenomicon created the widely used logo of a bleeding heart now associated with the flaw, a logo that is in the public domain and free to be used by anyone seeking to promote Heartbleed.
Codenomicon Chief Executive David Chartier says the company launched Heartbleed.com on April 7 to help the security community understand the issues around the bug and make sure they got answers to the most common questions. "We wanted to help get the word out quickly," he says.
And the word certainly traveled fast. Ten days after Codenomicon debuted Heartbleed.com, the site had received nearly 4.3 million visits from just over 3 million unique visitors, Chartier says.
Heartbleed has become a favorite among Twitter followers, with the term receiving nearly 700,000 tweets in less than two weeks, according to Topsy Labs, a social media search and analytics company that indexes Twitter tweets. And, two weeks after Heartbleed's launch, Twitter traffic remains strong. On the afternoon of April 18, followers were tweeting Heartbleed at a rate of nearly 1,000 tweets an hour. That's down from 3,000 tweets per hour in the first days after Heartbleed.com's launch, but still an impressive number.
"Heartbleed has helped get our name out and helped people understand what we do," Chartier says. Codenomicon develops so-called fuzzing tools to test software for security vulnerabilities.
Helping the Bottom Line
Heartbleed.com is more a public service than a marketing tool. Visitors would need to scroll toward the bottom of the page before any mention of Codenomicon. Still, Heartbleed.com could help Codenomicon's bottom line. "It's helped business since a lot of organizations are now contacting us and asking how they can start doing this type proactive testing of their software," Chartier says.
In my first interview with Chartier days after the revelation of the OpenSSL flaw, he explained how Heartbleed got its name (see Heartbleed Discoverer Speaks Out). OpenSSL is known as "heartbeat" because it allows the secure relaying of messages back and forth. One of Codenomicon engineers bastardized the heartbeat to Heartbleed because the flaw that allowed the bypassing of encryption on websites.
Chartier, though, sees his company's efforts to promote mitigating Heartbleed as just one part of efforts to address the software flaw. He gives credit to the collaborative nature of the open source community on spreading the word about the OpenSSL flaw and helping develop fixes. "We're impressed by how the community worked to get information out and react quickly to solving the problem," he says.
To be sure, it takes a community to successfully resolve IT security challenges.