Yes, there has been a lot of news, as there rightfully should be, regarding the OpenSSL bug dubbed Heartbleed.
I had heard it was a coding error, but for those who care about the specifics, here is a great article explaining the surprisingly simple mistake.
I believe the article does a great job with this final point:
Should we rail against the OpenSSL developers for this?
Don't even think about it. The OpenSSL team, which is surprisingly small, has been given the task of maintaining the world's most popular TLS library. It's a hard job with essentially no pay. It involves taking other folks' code (as in the case of Heartbeat) and doing a best-possible job of reviewing it. Then you hope others will notice it and disclose it responsibly before disasters happen.
The OpenSSL developers have a pretty amazing record considering the amount of use this library gets and the quantity of legacy cruft and the number of platforms (over eighty!) they have to support. Maybe in the midst of patching their servers, some of the big companies that use OpenSSL will think of tossing them some real no-strings-attached funding so they can keep doing their job.

http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html