Comment Re:If they're doing it, it's correct. (Score 1) 162
No... that was just Theo's excuse. He called OpenSSL's memory allocation strategy an "exploit mitigation countermeasure."
Actually, that was just a side effect, and what OpenSSL does that "counteracted" the defense is extremely common in software and software libraries.
It's also generally a good idea as far as performance is concerned, and with a library such as SSL, which needs to process network traffic (HTTPS, for example), adequate performance is pretty darned important.