badkeys is an open source tool to check cryptographic keys for known vulnerabilities. Its developer @hanno gave a talk at German OWASP Day where he discussed how old bugs never die. He tested for the Debian OpenSSL bug discovered in 2008 & found hundreds of DKIM setups still vulnerable. Vulnerable hosts included prominent names like Cisco, Oracle, Skype, and Github. But he sees even older vulns including one which is over 300 years old.
Watch the talk here: