How to stop the next Heartbleed bug: pay open-source coders to protect us | Dan Gillmor

Don't wait for the next Snowden to tell us if the NSA's been using this privacy hole, too. Help support more heroes of the free and secure web to spot the next one

• Plus: Heartbleed bug – what do you need to do to stay secure?

Yes, it is beyond worrisome that a bug this big existed for so long. But the discovery of Heartbleed – a truly mind-boggling flaw in OpenSSL, the widely used web security technology run on open-source code – led to one of the most rapid responses I've ever seen in the encryption world.

We're not nearly finished repairing this gaping hole in our online safety, with potentially hundreds of thousands of email accounts and sites relying on a secure connection exposed to Heartbleed. And, yes, the National Security Agency probably knew about it before you did. But still, thousands of sites have moved quickly to mitigate at least some of the immediate damage.