As far as I know, the bug was discovered not just by Codenomicon but also by Google researchers. In addition, the flaw was first published by OpenSSL after a patch was released. From what I'm seeing, several big companies were also contacted beforehand and could update before the public release was made. This is what is called responsible disclosure.
It was not Codenomicon that defined what date this flaw was published, but rather OpenSSL. Normally you send in your vulnerability and give people x days to reply to your concerns. Once they have replied, you work with them and don't talk about the problem publicly until after the bug has been fixed. This has been done both by Google and Codenomicon. If you check, the official CVE number is CVE-2014-0160. This number was "reserved" in December 2013. So chances are that the bug has been known since then. Possibly even that OpenSSL has been aware of it since then. So according to the logic in your article, it must be OpenSSL (and possibly Google) that tried to badmouth Linux.
The reason we're even talking about Linux distros being insecure at the moment is that OpenSSL comes preinstalled on most of them, whereas it isn't preinstalled on Windows. So Linux, by default, is affected by this bug, and heartbleed.com lists a few that are safe to use and a few that are affected.
I highly doubt that the release date is in any way correlated to XP's death.
is that a bird? a plane? nooo it's the flying blueberry!
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!