Windows XP is a much greater risk than Heartbleed
Windows XP, is now a permanent, ongoing "zero day" vulnerability. If attackers are smart and stealthy, we may not even know how many vulnerabilities are discovered in Windows XP from this point on -- or how critical they are. There won't be any more patches or updates, so it's permanently at risk.
We need to stop looking at security as a thing and more as a process -- it is a verb, not a noun. There's an ongoing circle of life where weaknesses and vulnerabilities are discovered and corrected in a co-evolution of attackers and defenders.
"XP, on the other hand, has stopped evolving and any vulnerability discovered from April 8, 2014, into the future will remain a danger to everyone connected to the Internet," declares TK Keanini, CTO of Lancope. "The only solution for XP at this point is to make it go away -- rid it from existence. Everyone needs to do their part to get rid of it, because if we don't, in this connected world, it will ultimately be a bad thing for everyone."