2014
The year retrospective. 2014 has been the year in which under-appreciated infrastructure was shown to be fragile at multiple layers: Heartbleed in OpenSSL, goto fail in Apple TLS, Shellshock in bash, POODLE in SSLv3.
A week after Heartbleed's public disclosure. Two years of an exploitable buffer over-read in OpenSSL's heartbeat extension. The remediation is not just patching; it is regenerating server keys, reissuing certificates, and revoking the old ones.