I'm wondering how many organisations aren't really aware yet of how serious this is.
"OpenSSL warns of critical security vulnerability with upcoming patch
We don't have the details yet, but we can safely say that come Nov. 1, everyone -- and I mean everyone -- will need to patch OpenSSL 3.x. "
https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/