Heartbleed Coder: Bug In OpenSSL Was an Honest Mistake

nk497 (1345219) writes "The Heartbleed bug in OpenSSL wasn't placed there deliberately, according to the coder responsible for the mistake — despite suspicions from many that security services may have been behind it. OpenSSL logs show that German developer Robin Seggelmann introduced the bug into OpenSSL when working on the open-source project two and a half years ago, according to an Australian newspaper. The change was logged on New Year's Eve 2011. 'I was working on improving OpenSSL and submitted numerous bug fixes and added new features,' Seggelmann told the Sydney Morning Herald. 'In one of the new features, unfortunately, I missed validating a variable containing a length.' His work was reviewed, but the reviewer also missed the error, and it was included in the released version of OpenSSL."

Re:Whatever you may think ...

[Krishnoid]

hats off to the developer who admits a mistake.

It's laudable but insufficient; to genuinely move towards making the aggrieved parties whole, I think it demands nothing short of a full refund.

Re:Whatever you may think ...

[GigaplexNZ]

I didn't get to read his disclaimer prior to having my living room intruded by his vehicle so I was unable to make such an informed decision. He should have honked first.

Re:Whatever you may think ...

[Kaenneth]

I'm sure the next issue of Newsweek will have his confession.