If you have ever used OpenSSL, please donate money to this worthy cause. Your donation will go towards security and cryptographic researchers who are financially (or egotistically) motivated to discover security-related defects in OpenSSL’s intellectual property. Trust me, OpenSSL needs it!!!!!!!! See the picture below for a simple, secure code review of OpenSSL’s latest release, 1.0.1g.
What we see is typical of an older, open-source C/C++-based application. Overall, there are code quality issues in addition to common C/C++ software security defects. Fortunately, some of the bugs require unique situations to exist. Unfortunately, as we saw in Heartbleed, other defects are straightforward and easily exploitable.