In April of 2014, a bug in the OpenSSL library was made public under the name Heartbleed. While there have been a great many reports and analyses published about the issue, little has been done to make the problem understandable in the form of a children’s book. We decided to rectify that little problem.
Fundamentally, Heartbleed is a technical issue masking two much deeper security problems: that of balancing speed of development with cost and skill of developers, and that of trusting one’s vendors and service providers. This book explores these two issues in moderate detail.
In the end, security is about managing your resources. It’s really easy to play the reactive game and only address issues once they hit the mass media, but if you do that, you’re far more likely to experience a compromise. This book shows, as simply as possible, the chain of decisions and their consequences. It’ll take a whole five minutes to read, so what are you waiting for?
If you don’t want to be notified the next time we release a project like this, you can download it without “registration” here: If You Give a Dev a Library