Talk:Heartbleed

Community reassessment

Heartbleed

Article (edit | visual edit | history) · Article talk (edit | history) · Watch • Watch article reassessment page • Most recent review

Result: Delisted due to the verifiability concerns raised by Vanamonde93. Mz7 (talk) 10:45, 2 February 2019 (UTC)

• In the four years since this article was listed as a GA, a number of verifiability problems have crept in, to the extent that the page no longer meets the Verifiability criterion for Good Articles. I'm listing this for community reassessment because although I noticed this page in skimming through some GAs, I have had unpleasant interactions with the editor who nominated this for GA status (who has since been indeffed for sockpuppetry). Vanamonde (talk) 06:09, 2 January 2019 (UTC)

• Delist if uncited statements are not fixed in a timely manner. buidhe (formerly Catrìona) 03:09, 4 January 2019 (UTC)
• Delist, per my statement above, and because the unsourced content is somewhat technical material; fixing it isn't a trivial undertaking. Vanamonde (talk) 06:01, 4 January 2019 (UTC)

Heartbleed review

Article (edit | visual edit | history) · Article talk (edit | history) · Watch  · Review

This is an atypical peer review for an article I have been trying to improve myself. I guess I just wanted a place to put down my thoughts on how we can get this article back to WP:GA status.

About

When I think of internet security vulnerabilities, I remember Heartbleed. At the time, it was incredibly scary and impactful (even to me as a kid in High School). It was the first real bug I had witnessed first hand (not being around for the Y2K bug).

Problems

(1) A massive portion of this article relies on sources from the year 2014. I mean there are a handful of sources from after that, but the vast majority were written in 2014. I have to imagine a good part of the reason this article was reason was the WP:ITN/awareness-aspect of it.

(2) Pretty much a ton of the actual citations are primary sources. Generally, they are links to statements posted by websites about how Heartbleed has disrupted their service. These should be replaced with secondary sources wherever possible.

(3) The references need a consistent formatting anyways.

(4) Structure. The article is written is a pretty counterintuitive way. I will let it speak for itself:

Extended content

1 History 1.1 Discovery 1.2 Bugfix and deployment 1.3 Certificate renewal and revocation 1.4 Exploitation 1.4.1 Possible prior knowledge and exploitation 2 Behavior 2.1 Affected OpenSSL installations 2.1.1 Vulnerable program and function 2.2 Patch 3 Impact 3.1 Client-side vulnerability 3.2 Specific systems affected 3.2.1 Websites and other online services 3.2.2 Software applications 3.2.3 Operating systems/firmware 3.3 Vulnerability testing services 4 Remediation 4.1 Browser security certificate revocation awareness 5 Root causes, possible lessons, and reactions 6 References 7 Bibliography 8 External links

Solutions

More scholarly sources are needed, and a complete rewrite is probably needed in some places. The structure should likely look something like this:

View the source code for additional notes
The following discussion has been closed. Please do not modify it.
Overview History Origins Discovery Bugfix and deployment Behavior Effects Services affected Websites Software Operating systems and firmware Certificate revocations Exploitation Impact Reactions References Bibliography

Hopefully that helps people in the future.. Probably myself. –MJL ‐Talk‐^☖ 04:36, 19 January 2021 (UTC)