Code that Caused Heartbleed Called an Accident
Category: Bugs / Virus
Posted: April 11, 2014 10:22AM
The programmer responsible for checking in the code that led to the Heartbleed bug in OpenSSL has described it as an accident, not a malicious act. The bug was found in an area of the code that pertained to security and was caused by "missing validation on a variable containing a length." The code went through a peer review process, and neither the original programmer nor the peer reviewer caught the bug. There is a published list of some sites that have been impacted by the bug, but it would probably be a good idea to change all of your passwords anyway.