‘Whoops, My Bad!’ Heartbleed Programmer Regrets “Oversight”

The Heartbleed bug, which has many people panicking that their sensitive information has been harvested by the unsavoury characters lurking in the dark corners of the internet, has taken the world by surprise. The risk of our information having been exposed for almost two years is worrying enough, but imagine how the programmer who overlooked the massive hole feels.

German programmer Robin Seggelmann is the man who introduced the Heartbleed bug into the version of OpenSSL that left many SSL keys vulnerable to anyone who knew how to exploit it. The bug was introduced as part of Seggelmann’s PhD studies minutes before January 1, 2012, but was only discovered a few weeks ago.

“I am responsible for the error,” Seggelmann told The Guardian, “because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version.”

Seggelmann also touched upon why the bug took so long to be discovered and was missed even by the OpenSSL volunteer who implemented the erroneous code, explaining that the open-source nature of OpenSSL wasn’t at fault. “I don’t see it as a failure of open source,” he said. “On the contrary, the publicly accessible code made it possible that the error has been discovered and published. I can only assume that it took so long because it’s in a new feature which is not widely used and not a conceptual, but a simple programming error.”
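To show what “the necessary validation” in the quote above amounts to, here is an added example (not code from the article, from OpenSSL, or from Seggelmann) of a hardened parser for the TLS heartbeat message, whose layout follows RFC 6520. The function names and the constructed sample messages are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte big-endian payload_length */
#define HB_PADDING 16  /* minimum padding RFC 6520 requires after the payload */

/* Parse a heartbeat message of record_len received bytes. On success, copy
 * the payload into out (capacity out_cap) and return its length; return -1
 * for a malformed message. The comparison of the peer-supplied
 * payload_length against the real record length is the validation the
 * original code lacked: without it, the claimed length alone drove the copy,
 * so a short record declaring a large payload made the responder echo back
 * memory lying beyond the message it had actually received. */
int heartbeat_payload(const uint8_t *rec, size_t record_len,
                      uint8_t *out, size_t out_cap)
{
    /* Too short to hold even the header and the mandatory padding. */
    if (record_len < HB_HEADER + HB_PADDING)
        return -1;
    if (rec[0] != 1 && rec[0] != 2)      /* heartbeat_request / _response */
        return -1;

    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The missing check: claimed payload plus header and padding must fit
     * inside what was really received. */
    if (HB_HEADER + payload_len + HB_PADDING > record_len)
        return -1;
    if (payload_len > out_cap)
        return -1;

    memcpy(out, rec + HB_HEADER, payload_len);
    return (int)payload_len;
}

/* Constructed test helper: build a request whose length field claims
 * claimed_len bytes while only actual_len payload bytes are present, then
 * parse it. Returns the parsed payload length or -1. actual_len <= 109. */
int try_heartbeat(size_t claimed_len, size_t actual_len)
{
    uint8_t rec[128], out[128];
    rec[0] = 1;
    rec[1] = (uint8_t)(claimed_len >> 8);
    rec[2] = (uint8_t)(claimed_len & 0xff);
    memset(rec + HB_HEADER, 'A', actual_len);
    memset(rec + HB_HEADER + actual_len, 0, HB_PADDING);
    size_t record_len = HB_HEADER + actual_len + HB_PADDING;
    return heartbeat_payload(rec, record_len, out, sizeof out);
}
```

A message whose length field matches its contents is echoed; one that claims 65535 bytes while carrying four is rejected rather than served from memory beyond the record.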

So there you have it. The man behind the bug that could have, and may still have, allowed your personal information and passwords to get into the hands of the wrong people says sorry.
