Code that Caused Heartbleed Called an Accident
The programmer responsible for checking in the code that led to the Heartbleed bug in OpenSSL has described it as an accident, not a malicious act. The bug was found in an area of the code that pertained to security and was caused by "missing validation on a variable containing a length." The code went through a peer review process, and neither the original programmer nor the peer reviewer was able to catch the bug. There is a published list of some sites that have been impacted by the bug, but it would probably be a good idea to change all of your passwords anyway.