Thursday, 17 April 2014

Heartbleed

It's a simple logo for a complex bug. But creating an identity to raise awareness is entirely the point.

You’ve probably never heard of CVE-2014-0160. But you probably have heard of the Heartbleed bug, the security hole in some implementations of the OpenSSL protocol that provides secure communication between servers.

The two are one and the same, except that CVE-2014-0160 is the name assigned under the Standard for Information Security Vulnerability Names protocol, whereas Heartbleed is a catchy, scary name with a catchy, scary logo depicting a red heart. Bleeding.

The power of the Heartbleed logo is in its sheer, bold literalness, and in that regard it’s perfect for its purpose.

Heartbleed was given its identity by the international security company Codenomicon, which independently discovered the CVE-2014-0160 OpenSSL exploit on the same day as Google researcher Neel Mehta.

Most security holes like CVE-2014-0160 would be posted on messageboards read only by the coding and hacking community, but in this case Heartbleed was so serious that everyone who uses OpenSSL in applications such as web, email and instant messaging was at potential risk of having their passwords compromised.

A Codenomicon engineer came up with the name Heartbleed, inspired by a tangentially related piece of software called Heartbeat, and in a brilliantly inspired piece of marketing, Codenomicon registered Heartbleed.com, designed an FAQ explaining the bug, and accompanied it with a logo by Codenomicon designer Leena Snidate.

The logo went viral and the Heartbleed brand was born.

Don’t be surprised if the next major bug also gets its own name and logo™ and probably a clothing range.