It’s always interesting to see a very technical bug like Cloudbleed hit the mainstream media. Cloudflare went from something with little consumer awareness to hyperbolic destroyer of Internet-worlds overnight. It helps that Cloudbleed sounds terrifying in a biblical sense.
In all this noise, Troy Hunt put together a piece outlining some more subdued thoughts on the Cloudflare security bug. It certainly doesn’t underplay the severity, but it also avoids sensationalism. It’s a great piece for putting the security concerns into perspective, and it looks at the risk the bug truly poses.
Troy Hunt’s Blog comments:
It has a cool name and a logo – this must be serious! Since Heartbleed, bug branding has become a bit of a thing and more than anything, it points to the way vulnerabilities like these are represented by the press. It helps with headlines and I’m sure it does wonderful things for bug (brand?) recognition, but it also has a way of drumming up excitement and sensationalism in a way that isn’t always commensurate with the actual risk.
That said, the Cloudflare bug is bad, but the question we need to be asking is “how bad”? I saw the news break yesterday morning my time and I’ve been following it closely since. As I’ve written a lot about Cloudflare in the past and been very supportive of their service, I’ve had a lot of questions from people. I want to share my take on it – both the good stuff and the bad stuff – and per the title above, I’m going to be very pragmatic about the whole thing.
Read more at: Pragmatic thoughts on #CloudBleed