On Mon, 2014-04-14 at 09:36 +1000, Roger wrote:
<snip> It happened. It was known for years. </snip>
RE: request for citation.
http://www.zdnet.com/institutional-failure-led-to-nsa-missing-the-heartbleed...
<snip> It's not outside the bounds of reason to suggest that the NSA, arguably, should have found the bug within days, weeks, or even months after it was reportedly accidentally introduced into the OpenSSL cryptographic library, more than two years ago. </snip>
Obviously. That's one of the first things anyone thought of when they heard of the bug. But "not outside the bounds of reason" does not justify the bald assertion that it *was* known, even if you discount the fact that they deny having known about it.
poc