OpenSSL is…a lot harder.
There will be some products on the Linux side that would use the system-wide OpenSSL libraries…that should be a pretty easy RPM/YUM/apt package upgrade.
There will be others that embed an OpenSSL and keep the library separate; the library could have a bunch of different names. If there’s a naming convention we can key on, like OpenSSL.dll or OpenSSL.so then…maybe.
And then the really difficult part. A lot of programs (including BigFix itself) will have static-built their OpenSSL dependency so it’s…just part of the executable. You’d need a static executable analysis tool to detect those (something like BlackDuck), and there are likely hundreds of software titles built this way. I do have some things in mind to use YARA binary-file scanning, but it would be much more “beta” than the other filesystem scans I’ve built lately, harder to set up (one has to compile YARA from source on Linux/UNIX, there’s not a binary distribution), and will take a lot longer to run (since it has to examine every byte of every executable, and not just run a directory listing).
Where the OS software vendors put out their own updates, we’ll of course build update fixlets for those products we cover, but finding the in-house or older/unsupported software is more difficult.
I think the network scanner tools (Tenable, Qualys, etc.) will have a greater role in detecting this through port-scanning and network traffic analysis…more like HeartBleed.
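An added example, not part of the original post and not BigFix content: a Python version of the byte-level scan described above for embedded or statically linked OpenSSL, keyed on the version banner string that OpenSSL builds carry (for example `OpenSSL 1.1.1k  25 Mar 2021`). The function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Version banner stored as a string constant in OpenSSL builds, e.g.
# b"OpenSSL 3.0.2 15 Mar 2022" or b"OpenSSL 1.0.2k-fips  26 Jan 2017".
BANNER = re.compile(
    rb"OpenSSL (\d+\.\d+\.\d+[a-z]{0,2})(?:-[a-z0-9]+)? {1,2}\d{1,2} [A-Z][a-z]{2} \d{4}")
CHUNK = 1 << 20   # read 1 MiB at a time so large executables are not loaded whole
OVERLAP = 64      # bytes carried over so a banner split across two reads still matches


def openssl_versions(path):
    """Return the sorted OpenSSL versions whose banner appears anywhere in the file."""
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            buf = tail + chunk
            for m in BANNER.finditer(buf):
                found.add(m.group(1).decode("ascii"))
            tail = buf[-OVERLAP:]
    return sorted(found)


def scan_tree(root):
    """Walk root and map every regular file carrying a banner to its versions."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            versions = openssl_versions(path)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole scan
        if versions:
            hits[str(path)] = versions
    return hits


def make_sample_tree():
    """Constructed sample data: one fake binary with a banner, one without."""
    root = Path(tempfile.mkdtemp())
    # The banner starts 6 bytes before the 1 MiB mark, so it straddles two reads.
    (root / "agent.bin").write_bytes(
        b"\x7fELF" + b"\x00" * (CHUNK - 10) + b"OpenSSL 3.0.5 5 Jul 2022\x00")
    (root / "plain.bin").write_bytes(b"\x7fELF" + b"\x00" * 4096)
    return root
```

A hit identifies the OpenSSL version compiled into or shipped beside a program; no hit is not proof of absence, since packed or compressed executables hide the string.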