Heartbleed vs Shellshock – The DREAD Score

At the OpenStack Summit here, a security researcher discussed the recent Heartbleed and Shellshock vulnerabilities and gave a score for the impact of each, based on a number of threat-modeling metrics.

Both the Heartbleed and Shellshock bugs were open-source flaws found in many Linux distributions, and both had the potential to impact OpenStack cloud users. Heartbleed is a flaw in the OpenSSL cryptographic library for secure transport, while Shellshock is a vulnerability in the Bash shell.