As a developer, do I have to take any action on Heartbleed? Being a problem in OpenSSL, I believe it is more within the scope of webmasters, server administrators, etc. But I'm not sure if it's just that (updating OpenSSL and swapping all the certificates and passwords) or if there's any more specific action to take, or some detail we'd have to pay attention to.
Contextualizing, for those who are not aware of the problem: a bug was recently identified in OpenSSL that allowed the attacker to access arbitrary memory regions on the server, all without the need for authentication and without leaving a trace. Certificates, private keys, passwords, personal data, nothing would be safe. It is being described as "the worst security flaw in Internet history", "on a scale of 1 to 10, this is an 11", etc. In the security.SE site, the heartbleed tag, created yesterday (2014-04-08), already has almost 50 questions.