In an interview with The Sydney Morning Herald, Dr. Robin Seggelmann explained his role in Heartbleed, the recently discovered security vulnerability in OpenSSL that has put much of the Internet at risk. He denied introducing the flaw deliberately, as some have suggested. “I was working on improving OpenSSL and submitted numerous bug fixes and added new features,” the German software developer said. “In one of the new features, unfortunately, I missed validating a variable containing a length.”
Dr. Seggelmann’s code was reviewed after submission by Dr. Stephen Henson, who also missed the mistake.
Despite the problem that occurred in this case, Dr. Seggelmann still believes in open source software development. “The benefit of open source software is that anyone can review the code in the first place,” he explained. “The more people look at it, the better, especially with a software like OpenSSL.”