Heartbleed wasn’t the only significant SSL/TLS bug in 2014. In February and March, both Apple and the Linux community were scrambling to fix flaws in their implementations of online security protocols. In Apple’s case, someone had mistakenly included an extra 'goto fail' programming statement that left encrypted data sent via SSL/TLS open to capture by hackers.
In the Linux case, the GnuTLS library had a programming flaw exposing user data to potential breaches, similar to Apple’s 'goto fail' problem. In the case of GnuTLS, however, it’s suspected the programming flaw existed for as long as 10 years—prompting Linux community leaders to say, “Huh, Gnu knew?” ( Groan —Ed.)