On the anniversary of Heartbleed, and the discussions it raised around security vulnerabilities and strategies for all kinds of effected organizations, Fortune reports that 74% of Forbes Global 2000 companies are still vulnerable, having put off, or ignored the relatively simple and well documented fix for this vulnerability. Citing a report by Venafi, a security firm that recently released this report, Fortune's Robert Hackett outlines the steps required to fix the vulnerability and suggests that while many organizations released statements saying they would fix the vulnerability, many have not.
Regardless of the complexity (or lack thereof) of the performing the fix, organizations would have to prioritize it, and promote it through what can be complex production release processes while dedicating resources that are stretched thin more often than not. If organizations remain reactionary, instead of educating their teams and planning for the inevitable need to respond to new reports of vulnerabilities and to keep pace with best practices in security, this pattern will continue, and organizations and their users will remain at risk.