The infamous Heartbleed SSL security flaw remains a problem one year after it was brought to the attention of the technology community.
Heartbleed is the current poster boy for bad infections, and made its presence felt almost immediately after disclosure with attacks taking place within 24 hours.
Worryingly, despite a year now passing since the issue was brought to light, many businesses are still at risk, according to research by security firm Venafi.
It noted that last year 76 percent of the "largest global organisations in the world" were at risk from the vulnerability, but that the situation has not improved much since.
There has been only a slight decrease in vulnerable companies, despite an increased focus on encryption, and warnings about other equally notorious threats.
"We would have expected to see a significant improvement this year. Unfortunately that's not the case," Venafi said in a Heartbleed 2015 research blog post.
"There is only a two percent improvement in the number of Global 2000 organisations that have remediated Heartbleed."
A Venafi report entitled Heartbleed One Year Later (PDF) lists the countries with the most vulnerable systems.
Australia is in the worst shape with 84 percent, followed by France with 78 percent, the Netherlands with 68 percent, the UK with 67 percent, and the US with 59 percent.
The security firm explained that there is a four-step process to eliminating the Heartbleed threat: patch the OpenSSL vulnerability; revoke old certificates; replace them with new ones; and generate new SSL keys.
Many companies uncovered in the Venafi report have not followed this advice so far. Where certificates have been replaced, it has been because they expired rather than because they were ditched as part of remediation work.
"An astounding 65,000 certificates were reissued with new private keys simply because of impending expirations," Venafi said.
"Although it is good practice to keep short key and certificate rotation cycles, organisations should be replacing all keys and certificates to remediate Heartbleed.
"It would seem, based on the trend of replacing keys only for impending certificate expirations, that organisations have either given up trying to fully remediate this massive vulnerability or simply don't grasp the gravity of the situation."
This lax approach leaves firms wide open to attack, according to the firm.
Yuval Ben-Itzhak, the CTO of security firm AVG, echoed these thoughts, noting that awareness of Heartbleed remains a key problem.
"I’d love to be able to say that we’ve learned many lessons from Heartbleed and that the web is now a more secure place. Sadly, it’s not as simple as that. Public awareness remains a major issue for internet security," he wrote in a blog post.