Video of a talk by Bob Beck at BSDCan 2014 a few weeks ago. Not just a deep dive into the technical details of the security news story of the decade, but an education in software development best practices (most of which appear to have been violated by the OpenSSL project).
Why did “we” let OpenSSL happen? Nobody looked. Or nobody admitted that they looked. We all did it. The code was too horrible to look at. This isn’t just an OpenSSL thing, or just an open source thing. It’s not unique in software development, it’s just the high-profile one of the moment.
LibreSSL at BSDCan by Michael W Lucas (17 May 2014).