Bob Plankers of The Lone Sysadmin comments:
There’s been a fair amount of commentary & impatience from IT staff as we wait for vendors to patch their products for the OpenSSL Heartbleed vulnerability. Why don’t they hurry up? They’ve had 10 days now, what’s taking so long? How big of a deal is it to change a few libraries?
Perhaps, to understand this, we need to consider how software development works.
If you found yourself wondering why it took days (or even weeks) to patch Heartbleed, read on to learn why pushing patches out the door isn’t an easy task.
Read more at: The Eternal Wait For Vendor Software Updates