2014
The year retrospective. 2014 has been the year that under-appreciated infrastructure has been demonstrated as fragile at multiple layers — Heartbleed in OpenSSL, goto fail in Apple TLS, Shellshock in bash, POODLE in SSLv3.
Shellshock
Four days after Stéphane Chazelas at Akamai disclosed CVE-2014-6271 publicly. A bug in bash environment-variable parsing that has been there since 1989 and that allows arbitrary remote command execution in any service that passes user-controlled data into a bash environment.