Why Heartbleed is a Good Thing

Don't get me wrong: Heartbleed wasn't a shining moment in tech security and I'm not super-glad that the vulnerability occurred. Still, personally, I'm pretty happy when stuff like this hits the fan.

Well, I suppose I'm glad in a "question authority" kind-of-way. When a wide-ranging vulnerability like this is brought into the open, it gets us in the technology security field off of our butts to, one, provide a remedy to the most immediate problem, but two, question all of our assumptions.

Incidents like Heartbleed, Edward Snowden's NSA revelations, and the good work conducted by Wikileaks, gets technology professionals to look more carefully at our solutions. It forces us to think differently. These incidents also reveal certain threats that we may haven't foreseen. They also lead us down a path of hardening our all our technologies in short-order to curtail compromise. In all, situations like Heartbleed elevates all of our security postures. They make all of us safer.

Arguably, what wasn't safe was continuing to live in ignorance as Heartbleed was exploited, or, while the NSA was wiretapping private data centers without warrants, or, believing that corporations and governments always have our best interests in mind. Assuming everything is okay wasn't safe. Proving flaws and vulnerabilities - even if the outcomes are undesirable - is how we all get better.

Question authority. Further, question our assumptions. Learn, build awareness, and do better next time. That's what will improve cyber security.