Talk:Heartbleed/review


Heartbleed review


This is an atypical peer review for an article I have been trying to improve myself. I guess I just wanted a place to put down my thoughts on how we can get this article back to WP:GA status.

About

When I think of internet security vulnerabilities, I remember Heartbleed. At the time, it was incredibly scary and impactful (even to me as a kid in high school). It was the first real bug I had witnessed firsthand (not being around for the Y2K bug).

Problems

(1) A massive portion of this article relies on sources from the year 2014. I mean, there are a handful of sources from after that, but the vast majority were written in 2014. I have to imagine a good part of the reason this article was written was the WP:ITN/awareness aspect of it.

(2) Pretty much a ton of the actual citations are primary sources. Generally, they are links to statements posted by websites about how Heartbleed has disrupted their service. These should be replaced with secondary sources wherever possible.

(3) The references need a consistent formatting anyways.

(4) Structure. The article is written in a pretty counterintuitive way. I will let it speak for itself:

1	History
1.1	Discovery
1.2	Bugfix and deployment
1.3	Certificate renewal and revocation
1.4	Exploitation
1.4.1	Possible prior knowledge and exploitation
2	Behavior
2.1	Affected OpenSSL installations
2.1.1	Vulnerable program and function
2.2	Patch
3	Impact
3.1	Client-side vulnerability
3.2	Specific systems affected
3.2.1	Websites and other online services
3.2.2	Software applications
3.2.3	Operating systems/firmware
3.3	Vulnerability testing services
4	Remediation
4.1	Browser security certificate revocation awareness
5	Root causes, possible lessons, and reactions
6	References
7	Bibliography
8	External links
Solutions

More scholarly sources are needed, and a complete rewrite is probably needed in some places. The structure should likely look something like this:

  1. Overview
  2. History
    1. Origins
    2. Discovery
    3. Bugfix and deployment
  3. Behavior
  4. Effects
    1. Services affected
      1. Websites
      2. Software
      3. Operating systems and firmware
    2. Certificate revocations
    3. Exploitation
    4. Impact
  5. Reactions
  6. References
  7. Bibliography

Hopefully that helps people in the future... probably myself. –MJLTalk 04:36, 19 January 2021 (UTC)