Recommended read from Salon.com: Heartbleed: How did it get there? Why did it take so long to find?

"The major news today that a huge security flaw -- Heartbleed -- has for more than two years rendered most of the Internet vulnerable, such that emails, passwords, credit card data and more are all at risk, prompts a series of questions.

Laypeople and cryptographers alike are abuzz with speculation over the key points: How did such a major vulnerability spread through so much of the Internet (attacking OpenSSL, the encryption central to most online security)? How did the bug reside in most online servers so long without detection? And what prompted the discovery of Heartbleed now, simultaneously by two separate groups, security firm Codenomicon and members of Google Security.

The rumor mill is churning, and little can be firmly established at this point. But it seems worth noting some theories bouncing around corners in the crypto community."