The two are one and the same--except for one small point: CVE-2014-0160 is an esoteric corner of code that most of the world could never understand. And Heartbleed is a catchy, scary brand that features one heck of a jarring logo.
Heartbleed was branded by the international security company Codenomicon, which, if extraordinary coincidence is to be believed, independently discovered the CVE-2014-0160 OpenSSL vulnerability on the same day as Google researcher Neel Mehta.
The only part of the story that’s certain is how Codenomicon scored the credit for unearthing the bug: by branding the crap out of it, an approach the company dubbed Bugs 2.0. Most security holes like CVE-2014-0160 would be posted on message boards read only by the coding and hacking community. Here, a Codenomicon engineer came up with the name Heartbleed--inspired by a tangentially related piece of software called Heartbeat--and quickly thereafter, Codenomicon registered Heartbleed.com, designed sleek FAQs explaining the bug, and accompanied them with a logo by Codenomicon designer Leena Snidate.
“This huge vulnerability needed a striking mark,” Snidate explains over email. “The colour choice was immediate for me--deep blood red.”
Deep blood red. Because it’s talking about a heart that’s bleeding. Heartbleed is not a clever logo, no, but it’s not going for clever. Its power is in sheer, bold literalness--the visual equivalent of talking slowly to a slack-jawed luddite audience that has no clue what the hell CVE-2014-0160 means. And in that regard, it’s perfect for its purpose of welcoming the masses to Heartbleed.com and assuring us, yes, you’ve come to the right corner of the Internet, you idiot. In return, Codenomicon is forever associated with being the solution to what will likely go down as one of the greatest security oversights in Internet history. Plus they get a halo effect with not just their peers in the security community, but all of the laypeople who barely understand what's even going on in the first place.
Don’t be surprised if the next major bug has many names and many logos, all linked by private security companies looking to cash in first on the free press. But at the end of the day, is this branding really a bad thing?
“I am proud we have been able to share this information to the world in a digestible fashion,” Snidate writes. “Our mission is to make your digital world safer. We believe we have taken a small step in the right direction.”