writes "The Heartbleed bug in OpenSSL wasn't placed there deliberately, according to the coder responsible for the mistake — despite suspicions from many that security services may have been behind it. OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL when working on the open-source project two and a half years ago, according to an Australian newspaper. The change was logged on New Year's Eve 2011.
"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," Seggelmann told the Sydney Morning Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length." His work was reviewed, but the reviewer also missed the error, and it was included in the released version of OpenSSL."Link to Original Source