It has now been revealed that a very serious bug was independently discovered by a team of security engineers at Codenomicon and Google Security, and they reported it to the OpenSSL team.
Read this post on tvaraj.com