There are two pieces of good news to come out of Heartbleed. First, we
haven't heard of any significant security breaches, which mean that the
industry as a whole is getting better at fixing problems as they arise.
The second is that, because Heartbleed presented every single cloud provider
with the exact same challenge, it created an excellent global litmus test for
crisis response. Everyone started from the same baseline, which eliminates
the variability in evaluating their response.
If you're a customer of the cloud, you can review any provider's public
response to Heartbleed to evaluate both their technical dexterity (how long
did it take them to issue a fix?) as well as their communications and
customer service (did their communications assure you that you were in good
hands?). And if you're a provider, you can see how your response compared to
the competition... (more)