Just saw some friends sharing this in Wechat. Seems I will have a lot of work to do - patching my servers, replacing certificates, regenerating keys, etc.:(
It's really unbelievable. This will be a big blow on the open source community. I already saw people saying "see? Open source is no securer". Well, they are right.
To me, this has nothing to do with open source or not. M$ may have something even worse but you will need longer time to find out. I just searched the web and found that as a library that has been so widely used, OpenSSL has only one full time developer and receives on average $2,000 donation per year. What do you expect?
But that simply won't justify such a disaster and it will cast a bad image for open source community in general. I can only hope leaders in this industry see this differently and start to support these great open source projects. They deserve better!