The dust has at least begun to settle around the Heartbleed bug. The news cycle has spun forward, passwords have been updated, patches have been created, and a million articles and blogs have been written. While we are inevitably doomed to repeat this cycle (ILOVEYOU, Nimda, Storm Worm, etc.), it can't hurt to see what real news Heartbleed has brought to the light of day.
We are all vulnerable all the time
Open source, proprietary, apps, it doesn't matter. Heartbleed managed to touch anything and everything in its path. Even as security experts and code analysis tools like Checkmarx and Clang fill in vulnerabilities, everything that exists in the digital realm, including our money and identities, is constantly up for grabs. The sooner we come to grips with that reality, the better off we will all be.
The NSA does not care about you
Whether you believe the NSA was opportunistic or inventive, it's clear that they are not about your internet security. We all knew that the NSA lurked in the background of our email, web history and financials, but we all believed that they at least wiped their feet and closed the door behind them when they were done. Instead we learned that they are the equivalent of the babysitter who throws a make-out party in your living room while you are gone.
Unaffected corporations avoided Heartbleed in the worst possible way
Some of the companies that avoided the wrath of Heartbleed did so for one reason: they hadn't updated their software. A few weeks ago I had the opportunity to observe a panel discussion with several higher-ups of some very recognizable companies, including a tech firm and a financial management company. When asked about Heartbleed, at least one of them openly admitted that they were immune due to running older software. While this faux pas may have had a positive result this time, what are the chances that these lapses played a role in a host of other security breaches?
In the end, while none of this is great or new news, these have at best become manageable truths.