The Heartbleed bug spreading panic throughout the Internet is no more than an "oversight," according to the developer who mistakenly introduced it on New Year's Eve 2011.

Robin Seggelmann, a programmer based in Germany, submitted the code in an update at 11:50 p.m., Dec. 31, 2011, intending to add support for the TLS Heartbeat extension (RFC 6520) to OpenSSL.

The update, he told The Guardian, did just that, but also introduced the Heartbleed bug, which lets an attacker read chunks of a vulnerable server's memory and so exposes data that the encrypted connection was supposed to protect: private keys, session cookies, passwords and other users' traffic.

"I am responsible for the error," Seggelmann told the paper, "because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version."

The flaw, uncovered this week by researchers at Google Security and at Codenomicon, has been in the wild since version 1.0.1 was released in March 2012. Heartbleed puts Web content, email, instant messaging and virtual private networks at risk; OpenSSL runs on roughly two-thirds of the world's Web servers, though only those running an affected version are exposed.

A fixversion 1.0.1gwas launched on Monday. The bug does not affect all versions of OpenSSL, just 1.0.1 through 1.0.1f (not 1.0.1g, 1.0.0 branch, or 0.9.8 branch). However, exploits are untraceable, meaning the vulnerable version of OpenSSL can be abused by attackers while Web users remain none the wiser.

Seggelmann has managed to find the silver lining in this disastrous flaw.

"I don't see it as a failure of open source," he told The Guardian. "On the contrary, the publicly accessible code made it possible that the error has been discovered and published. I can only assume that it took so long because it's a new feature which is not widely used and not a conceptual, but a simple programming error."

For more, see PCMag's Heartbleed: The Complete Rundown. Also check out Heartbleed: How It Works and Heartbleed Bug: Should You Panic?
