How and why the 'Heartbleed' bug got its name

How and why the ‘Heartbleed’ bug got its name

By Chris O’Brien

April 10, 2014 2:14 PM PT

Over the last couple of days, the word “Heartbleed” has entered the popular lexicon thanks a gaping hole discovered in a commonly used piece of security software.

But where did the name come from? And what does it mean?

Video: Protecting against Heartbleed

The bug was named by an engineer at Codenomicon, a cybersecurity company that has offices in Finland and Silicon Valley, according to an interview posted by Vocativ.

“Heatbleed” was discovered separately and simultaneously a few days ago by Google security researchers and engineers at Codenomicon. In an interview with Vocativ, Codenomicon Chief Executive David Chartier said one of his Finnish engineers coined the name.

Both teams found that OpenSSL, an open-sourced security encryption program used by 66% of Internet servers, had a flaw that would allow any hacker using a simple script to gain access to a treasure trove of personal information.

Originally, the team at Codenomicon called the bug “CVE-2014-0160,” which indicated the line of code that had the bug.

Last Saturday, Ossi Herrala, a developer at the company’s office in Helsinki, coined the name “Heartbleed.”

“There’s an extension on OpenSSL called Heartbeat,” Chartier told Vocativ. “[Herrala] thought it was fitting to call it Heartbleed because it was bleeding out the important information from the memory.”

Fun, but there was also a practical reason for the naming exercise. Chartier said that even as they were trying to figure out how to patch the hole, they were also thinking about how to spread the word since they wanted the news to reach well beyond the usual community of security insiders.

A Codenomicon employee acquired the Heartbleed.com domain name Saturday from some folks who had been using it as a music lyrics site.

After whipping up a logo of a heart dripping blood, the company created a list of frequently asked questions. The team made the site live Monday after a patch was released for the security hole.

The catchy name and the site, Chartier said, helped the company meet its goal of spreading the word.

“Our mission is to make the Internet safer,” Chartier told Vocativ. “I’m happy to see the overall community response. The IT security community has really taken this and done a lot with it. I think it’s a tremendous community effort here.”

ALSO:

‘Heartbleed Bug’ puts Web security at risk

How to protect yourself from the Heartbleed bug

‘Heartbleed’ bug could undermine years of work to build public trust