I have had not a single email from any of them about Heartbleed
This delayed my finding out about it. I discovered later that most of them had posted their notice someplace a little out of the way—on some blog that’s not even under their main domain name (Google did this and I think Microsoft may have done it), or in a little “news” box that you only see after signing in to the website. I don’t know what immunized me against the instinct to write it off as a hoax. Perhaps it was all of the security literature I’ve read and my daily experiences that have informed me that security is difficult and that flawed code can easily be written by accident.
Does anyone know where the most recent version of the welcome thread is? I searched and searched for keywords like “welcome” and “introduction” / “introduce”. Do you not use welcome threads anymore?