
Good politics: they had custom code for parts of OpenSSL, they published it when it seemed needed, open-source community told them what was wrong, they fixed it and apologized. No bullshit.


Also: the way this played out makes an awesome story for the next time Akamai experiences internal pushback against participating in open source. "Remember that one time it saved our bacon" is a political goldmine.


Them and everybody else. "Remember that time Akamai ran vulnerable code in production for 13 years and the bug got patched two days after they open-sourced it" should be able to drive open source contributions at all kinds of companies.


It won't matter. The response will be, "Without releasing the source no one would've ever found the bug. Now think of how many bugs were found that haven't been responsibly disclosed!"


They are only in trouble now because they have released the patch. If no one outside the company had seen that patch, they could have spotted the problem and fixed it without anyone noticing and without creating a PR disaster. They probably wouldn't have, but they could have. That is one argument someone could use against "participating in open source".

It's a bit too late for saving bacon; the patch should have been publicly reviewed before it went into production. So no bacon saved, but there is hope for a smoke detector.


If they had not released the patch, then it's entirely possible that black hats would have been able to make off with the keys from their customers - and that would have been a real disaster.


I just want to say I don't think you deserve to get voted down (as you currently have been). I was thinking the same thing about this story - it's very interesting because it highlights the (utilitarian) philosophical battle around Open Source. It's really not totally clear in which case they were safer. Your position should at least be considered.


Nope. People will remember it as "remember all that work as a result of OpenSSL?"


Look, I like open source as much as the next guy, but this is myopic - one might as well say 'remember that one time we used open source stuff and we had to spend weeks scrambling to fix things?'. Please let's not fool ourselves into believing things that simply aren't true - it detracts from the things we can leverage.



