Heartbleed is thought to be one of the most serious security flaws ever found, partly because it remained undiscovered for more than two years. Experts estimate that around two-thirds of the world's web servers run the software that contains the flaw, known as OpenSSL, meaning they are vulnerable to attack until a security patch is installed.