I have been fascinated with various news outlets and their coverage of the OpenSSL algorithm bug which affected a large number of servers on the Interwebs. Actually, I chuckled when my wife shared what she had learned from her social media connections. She said, without hesitation, that they had found a Linux virus. It became apparent to me that mainstream media still spreads FUD regarding free software. For the record, the issue had little to do with Linux. The only common thread is that OpenSSL runs on many POSIX-compliant Unix-like systems. In fact, OpenSSL runs on most web and mail servers. Of course Linux is one such operating system. The patch was available roughly 24 to 36 hours after the initial vulnerability was published. In fact, I patched my systems the day after the published reports and I never gave it much thought afterwards.
It is also important to note that open source projects have a very different business model than their closed-source counterparts; in fact, transparency is a basic tenet of free or open source software. The GPL basically demands that source code be available to all for review, so it is not possible to suppress software vulnerabilities. Had this encryption software been owned by Apple or Microsoft, I am certain that the patch would not have been available as quickly; nor would the problem have been immediately understood by the white hats. ESR explains this point rather lucidly.
At the core of this is the "heartbeat" function of TLS, which really is a powerful feature. The idea of keep-alive functionality without performing a renegotiation would be a boon, and quite possibly a curse, for a production environment.
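To make the heartbeat feature concrete, here is an added example (mine, not code from the post or from OpenSSL) of parsing a TLS heartbeat message in the RFC 6520 layout: a one-byte type, a two-byte payload length, the payload, and at least 16 bytes of padding. The function names `parse_heartbeat` and `build_heartbeat_response` and the two sample messages are constructed for illustration. The point it demonstrates is the defensive check the original bug lacked: the length the peer claims must fit inside the record that was actually received, otherwise the message is discarded instead of echoed.

```python
import struct
from typing import Optional, Tuple

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16            # RFC 6520 requires at least 16 bytes of padding
HEADER_LEN = 1 + 2          # type byte plus 16-bit payload_length


def parse_heartbeat(record: bytes) -> Optional[Tuple[int, bytes]]:
    """Return (type, payload) for a well-formed heartbeat, or None to discard it."""
    # Too short to even hold the header and minimum padding: discard.
    if len(record) < HEADER_LEN + MIN_PADDING:
        return None
    hb_type = record[0]
    if hb_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return None
    (payload_len,) = struct.unpack("!H", record[1:3])
    # The bounds check: the claimed payload plus header and padding must
    # fit in the bytes we actually received. Without this, an echo would
    # copy payload_len bytes from beyond the end of the real message.
    if HEADER_LEN + payload_len + MIN_PADDING > len(record):
        return None
    payload = record[HEADER_LEN:HEADER_LEN + payload_len]
    return hb_type, payload


def build_heartbeat_response(request: bytes) -> Optional[bytes]:
    """Echo a validated heartbeat request as a heartbeat response."""
    parsed = parse_heartbeat(request)
    if parsed is None or parsed[0] != HEARTBEAT_REQUEST:
        return None
    _, payload = parsed
    # Only the validated payload is echoed, with fresh zero padding; the
    # length field is derived from the payload we hold, not the peer's claim.
    return (bytes([HEARTBEAT_RESPONSE])
            + struct.pack("!H", len(payload))
            + payload
            + b"\x00" * MIN_PADDING)


# Constructed sample messages (not captured traffic).
# A correct request: claims 5 bytes and carries exactly 5 bytes plus padding.
GOOD_REQUEST = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 5) + b"hello" + b"\x00" * MIN_PADDING
# A malformed request: claims 65535 bytes but the record holds only "hello".
OVERSIZED_REQUEST = bytes([HEARTBEAT_REQUEST]) + struct.pack("!H", 65535) + b"hello" + b"\x00" * MIN_PADDING

if __name__ == "__main__":
    print("good request  ->", parse_heartbeat(GOOD_REQUEST))
    print("oversized     ->", parse_heartbeat(OVERSIZED_REQUEST))
    print("response      ->", build_heartbeat_response(GOOD_REQUEST))
```

The same rule generalizes to any length-prefixed protocol field: trust the bytes you hold, never the count the peer supplied, and derive every outgoing length from validated data.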