I have had not a single email from any of them about Heartbleed
This delayed my finding out about it. I discovered later that most of them had posted their notice someplace a little out of the way—on some blog that’s not even under their main domain name (Google did this and I think Microsoft may have done it), or in a little “news” box that you only see after signing in to the website. I don’t know what immunized me against the instinct to write it off as a hoax. Perhaps it was all of the security literature I’ve read and my daily experiences that have informed me that security is difficult and that flawed code can easily be written by accident.
This delayed my finding out about it. I discovered later that most of them had posted their notice someplace a little out of the way
This seems like a good strategy (for them). Answer the questions of those who have security concerns without drawing negative attention to yourself among naive customers.