
Heartbleed coder: bug in OpenSSL was an honest mistake

Submitted by nk497
nk497 (1345219) writes "The Heartbleed bug in OpenSSL wasn't placed there deliberately, according to the coder responsible for the mistake — despite suspicions from many that security services may have been behind it. OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL when working on the open-source project two and a half years ago, according to an Australian newspaper. The change was logged on New Year's Eve 2011.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," Seggelmann told the Sydney Morning Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length." His work was reviewed, but the reviewer also missed the error, and it was included in the released version of OpenSSL."

  • The linked Sydney Morning Herald goes on:
    "Despite denying he put the bug into the code intentionally, he said it was entirely possible intelligence agencies had been making use of it over the past two years."

    One can assume said intelligence agencies would run their own software review and routinely check the source code of critical security software for obvious flaws. And if some agency even states Internet security as one of their goals, one can be certain they audit new patches.

    It is very, very li
