Comment by PunchyHamster

> If someone meant to engineer a codebase to hide subtle bugs which might be remotely exploitable, leak state, behave unexpectedly at runtime, or all of the above, the code would look like this.

I'd wager if someone did that the codebase would look better than OpenSSLs

The codebase designed to hide bug would look just good enough that rewriting it doesn't seem worth it.

OpenSSL is so bad that looking at it there is just desire to rip parts straight out and replace them, and frankly only fear-mongering around writing security code kept people from doing just that and only after heartbleed the forks started to try. And that would also get rid of any hidden exploit.