Programmer Behind Heartbleed Bug Speaks Out

Dr. Robin Seggelmann, a German computer programmer, has owned up to the Heartbleed bug. He calls the mistake "trivial" but "severe."
Posted at 3:31 PM, Apr 11, 2014

The programmer behind the now incredibly infamous Heartbleed bug is speaking out.

Heartbleed, of course, is a severe security vulnerability in the encryption software that many websites rely on. The bug is estimated to have affected two-thirds of all Web servers.

Dr. Robin Seggelmann, a German computer programmer, has owned up to the mistake — one he described to The Sydney Morning Herald as "trivial," but "severe."

Trivial, because the mistake itself was simple — a writer for The New York Times compares it to "misspelling Mississippi."

To understand the mistake, it’s important to understand the nature of OpenSSL. Heartbleed was a bug in OpenSSL, an open source cryptographic toolkit that implements the TLS security protocols and is managed by a community of volunteers.

Seggelmann's "Mississippi mistake" made it into the released code after being reviewed by several other volunteers.

That is why Pete Pachal of Mashable attributes the error to the lack of resources for the OpenSSL team. "Although anyone can contribute to OpenSSL — either by contributing code or reviewing it to spot vulnerabilities like Heartbleed — few actually do."

Seggelmann has been accused of purposely adding the bug, but he points to his commitment to fixing OpenSSL bugs as evidence to the contrary, telling The Sydney Morning Herald:

"It's tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies. … It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

Although some claim the open source nature of OpenSSL caused the problem, Seggelmann says it is because of that open source nature that Heartbleed was found.

The computer programmer is using this massive mistake as a platform for encouraging others to join in on building and improving Internet security.