Google Criticized Over Heartbleed Response

Google has been accused of playing favorites by some in the security community for withholding information about Heartbleed before the news broke.

Photo: Julius Kielaitis / Shutterstock

Photo: Julius Kielaitis / Shutterstock

That’s according to a report from the Sydney Morning Herald, which says Google waited to too long to go public after discovering the OpenSSL flaw that has since spooked security experts and websites owners.

This has angered many in security circles, who say Google waited too long to tell open-source encryption software OpenSSL, whose software contained the bug and is used by half a million websites globally to encrypt internet traffic. Many of them also say that Google played favourites when it privately told select companies about the bug before OpenSSL.

Many of Yahoo’s services were struck by the vulnerabilities and other sites like Amazon Web Services and GoDaddy were left vulnerable too.

Critics of Google say that if the company had acted quicker with “responsible disclosure”, holes could have been patched quicker.

However, many researchers have found evidence to suggest that the Heartbleed bug may have existed undetected for the last two years.