The heartbleed vulnerability exposes a weakness in current vulnerability management practices - namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arugably more important than Heartbleed.

1. A Heartbleed
By Any
Other Name

3. CVSS v2 Base Score:
5.0
(MEDIUM) (AV:N/AC:L/
AU:N/C:P/I:N/A:N)

4. “CVSS V2 scoring evaluates the impact of the
vulnerability on the host where the
vulnerability is located. When evaluating the
impact of this vulnerability to your
organization, take into account the nature of
the data that is being protected and act
according to your organization’s risk
acceptance. While CVE-2014-0160 does not
allow unrestricted access to memory on the
targeted host, a successful exploit does leak
information from memory locations which
have the potential to contain particularly
sensitive information, e.g., cryptographic keys
and passwords. Theft of this information
could enable other attacks on the information
system, the impact of which would depend on
the sensitivity of the data and functions of
that system.”

5. 1. It’s a target of
opportunity for attackers.
2. It’s being actively and
successfully exploited on
the Internet.
3. It’s easy to exploit.

6. Heartbleed
Breach Volume Release -> Now

7. 1. CVE-2001-0540 -
Score: 5.0
2. CVE-2012-0152 -
Score: 4.3
3. CVE-2006-0003 –
Score: 5.1
4. CVE-2013-2423 -
Score: 4.3

8. CVE-2001-0540
CVE-2013-2423

9. CVE-2001-0540
Windows 2000
CVE-2006-0003
ActiveX
CVE-2012-0152
Windows 7
CVE-2013-2423
Java Runtime
HeartBleed

10. Thank you!
www.risk.io