Many a heart skipped a beat when it emerged earlier this month that millions of web servers around the world were vulnerable to a yawning hole in the open-source OpenSSL cryptographic software library . The discovery sent IT execs and web admins around the world scampering to plug the hole . Ten days after coverage of Heartbleed first began, security research firm Sucuri decided to scan the Internet’s top one million websites (as ranked by Alexa) to see how many of them were still vulnerable.
“After 10 days of massive coverage, we expected to see every server out there patched against it. To confirm our expectations, we scanned every web site listed in the Alexa top 1 million rank,” Sucuri CTO Daniel Cid wrote in a blog post Thursday. “Yes, we scanned the top web sites in the world to see how many were still infected.”
Here’s what the firm found: “We were glad to see that the top 1,000 sites in the world were all properly patched, and that just 0.53% of the top 10k still had issues. However, as we went to less popular (and smaller) sites, the number of unpatched servers grew to 2%. That is not surprising, but we expected better.”
If you are a website owner, Sucuri suggests that you use this website to check whether or not your site is affected and, in case it is, to patch the Heartbleed OpenSSL vulnerability post-haste.
Follow Pulkit on Google+