I've been writing about Heartbleed on the home page of Scripting News today.
I have a question for Mac developers. If you are creating an app that uses SSL, do you implement it yourself or do you call a system routine?
I'm sure you see what I'm getting at. If you're a developer that depends on an operating system vendor's implementation of SSL, and they're taking time to update it, does that leave your services open?
I'm asking about the Mac because I use Macs. I'm wondering for example if Dropbox has a security issue because the Mac has one. And Chrome, and whatever else I'm using that communicates securely with a server.
I'm also guessing that Google has their systems secured because they were the ones who initially reported the vulnerability.