This article has some great info and advice related to Heartbleed for most of the piece, and yet it has the single worst piece of advice I’ve ever heard. So pay attention to the stuff about good passwords and not changing them until sites are patched, and don’t overreact to this issue.
But no, no, no, no – companies should not be writing their own encryption software instead of using OpenSSL. OpenSSL should learn from this, and perhaps we even need a better open source alternative to OpenSSL. But don’t think for a second that most companies are qualified to start writing proprietary encryption software. That’s insane.