OpenSSL is not developed by a responsible team.

“Theo de Raadt says the memory allocation and release methods on modern systems would've prevented the ‘Heartbleed’ flaw, but OpenSSL explicitly chose to override these methods because some time ago on some operating systems performance wasn't very good.”