[5] It is, for example, used by smartphones running the Android operating system and some Wi-Fi routers, and by organizations including Amazon.com, Facebook, Netflix, Yahoo!, the United States of America's Federal Bureau of Investigation and the Canada Revenue Agency.

[7] The vulnerability, which had been shipped in OpenSSL's current version for more than two years,[8] made it possible for hackers to retrieve information such as usernames, passwords and credit card numbers from supposedly secure transactions.

At that time, roughly 17% (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack.

[8] To gather more revenue for the project, Steve Marquess, a consultant for the Defense Department, created the OpenSSL Software Foundation.

[12] Jim Zemlin, the executive director of the Linux Foundation, conceived the idea of the Core Infrastructure Initiative not long after Heartbleed was announced, and spent the night of April 23 calling firms for support.

[13] Thirteen companies responded and joined the initiative: Amazon Web Services, Cisco Systems, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, Qualcomm and VMware.