“This paper discusses specific tools and techniques that could counter #Heartbleed and vulnerabilities like it. I will first briefly examine why many tools and techniques did not find it, since it’s important to understand why many previous techniques didn’t work. I will also briefly cover preconditions, impact reduction, applying these approaches, and conclusions.”
▻http://www.dwheeler.com/essays/heartbleed.html
A very good, long and detailed paper, a must-read for every software developer. It mostly covers technical issues, but it also mentions some “governance” and “management” considerations.
Read it before boasting “They were stupid to use C” or “Static analysis would have caught it”...