By September 2015, I hoped that the situation would have improved. After all, system administrators had had plenty of time to apply OpenSSL patches and secure their systems. However, that hope was forlorn - over 200,000 devices were found to be still vulnerable.
So what now?
— John Matherly (@achillean) January 22, 2017
Here's my prediction. In a year's time, we won't see any significant reduction in the number of Heartbleed vulnerable websites and devices connected to the internet.
This is as good as it's going to get. The people who cared about fixing their systems against the Heartbleed vulnerability did it long ago.
The others simply don't give a damn.