That lingering Hearbleed flaw recently discovered in 200,000 devices is more insidious than that number indicates.
According to a report posted by Shodan, the Heartbleed vulnerability first exposed in April 2014 was still found in 199,594 internet-accessible devices during a scan it performed last weekend.
But according to open-source security firm Black Duck, about 11 percent of more than 200 applications it audited between Oct. 2015 and March 2016 contained the flaw, which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL.