What to do?
https://github.com/openssl/openssl/pull/1671 Avoid everything that "no pay" Geoff Thorpe and the other core coders on OpenSSL do; fork your own SSL library, purging their obfuscated C code.
- http://www.dailydot.com/debug/heartbleed-bug-robin-seggelmann/ The OpenSSL team, including Seggelmann and Henson, is small and receives essentially no pay despite maintaining one of the world’s most popular and important pieces of open-source software. With this notable exception, the team has a stellar security record, as OpenSSL has been expanded to support the massive count of over 80 platforms.
..."receives essentially no pay" ... what more does one need to say? The names of the 13 PhD cryptographers who "work for no pay" are at https://www.openssl.org/community/team.html
One of them is "no pay" Geoff Thorpe, who works at http://www.nxp.com. http://s3.amazonaws.com/connect.linaro.org/las16/Presentations/Wednesday/LAS16-300K2.pdf "..Focused on new security problems (and solutions) brought on by the emergence of IoT ...". Translation: how to insert entropy-weakened hardware encryption chips and an RTOS into the Raspberry Pi. The more Raspberry Pis become Tahoe I2P nodes, the more of the files that people hide the NSA can access. https://wiki.zephyrproject.org/view/Main_Page , https://www.linuxfoundation.org/news-media/announcements/2016/02/linux-foundation-announces-project-build-real-time-operating-system '.... The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Zephyr™ Project. This open source collaborative effort will unite leaders from across the industry to build a real-time operating system (RTOS) for the Internet of Things (IoT). Early support for the Zephyr Project includes Intel® Corporation (including its acquired business groups Altera Corporation and Wind River), NXP Semiconductors N.V. (including its recent merger with Freescale), Synopsys, Inc. and UbiquiOS Technology Limited. Zephyr Project is inviting others interested in this technology to participate. ...'
The http://www.wsj.com damage control on the heartbleed revelation was handled by NSA agent/journalist Danny Yadron. He did the interviews with Geoff Thorpe. Danny Yadron covers cybersecurity from The Wall Street Journal's San Francisco bureau. He usually writes about hackers, cybercops and what companies do (and don't do) to stay safe on the Internet. At the Journal, he also has covered tech policy, a presidential campaign, national politics and the Midwest – his home. Before that, he wrote for McClatchy, the Austin American-Statesman and The Buffalo News. https://twitter.com/dannyyadron