Heartbleed Cheatsheet:
- Upgrade OpenSSL on all of your existing software
- Propose projects to remove infrastructure that can’t be upgraded (if your vendors haven’t shipped a patch, get new gear)
- Force users to update credentials (YMMV depending on what you do, either force a re-auth, or password resets)
- Apologize to your users for not dealing with this weeks ago.
If your employer won’t let you do these four things, the next thing to do is find a new job.
Anything less would be unprofessional.
Since Jim asked, this cheat sheet is licensed under the Mozilla Public License, and I will happily license it under other suitable licenses if needed