Servers housing all of the world's top 1,000 websites have been patched and protected against the Heartbleed bug. Some two percent of the top one million websites, however, remain vulnerable to the bug.
California based web monitoring and malware clean up service Sucuri Security said it recently scanned the top one million websites as ranked by Alexa Internet, a subsidiary of Amazon that collects Web traffic data.
Of the top 1,000 Alexa websites, all were either immune or had been patched with the newest OpenSSL libraries, Sucuri said. Sucuri noted that vast majority of vulnerable servers had been patched as of April 17.
Sucuri also discovered an increasing number still vulnerable to the Heartbleed bug. Of the top 10,000, 0.53% remain vulnerable. Also open to attack are 1.5% of the top 100,000 websites and 2% of the top 1 million.
Security scans by other firms found similar percentages of websites open to attack: Web security firm Websense in California said 1.6% of the top 50,000 sites as ranked by Alexa remained vulnerable.
Because of this, security experts urge website owners to obtain new SSL certificates and keys. They also advised users to be wary of browsing sites that had not done so. Sucuri's scan, however, did not examine sites to see whether they had received new security certificates.
The Heartbleed bug or vulnerability was introduced in OpenSSL in late 2011 and remained undetected until three weeks ago. Heartbleed is the nickname for a flaw in OpenSSL, an open-source cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption.