by qwertyuiop924
3622 days ago
Saying Agile-style development was responsible for Heartbleed is just wrong. Crappy code, along with C's "We'll aim the gun at your foot by default, just pull" attitude, was responsible for that.

>No one took design and security too seriously. They still don't.

To some degree, but the whole idea of Agile is very test-based: Write something, see if it works, toss it if it doesn't. That's not a hard workflow to integrate security auditing and testing into: It's just another kind of testing, if a slower one. Given, you are right about this kind of thing being highly anti-planning. As to whether that's a bad thing, I don't know. However, I can safely say that it's better than some alternatives. There is no way epoll would have gotten through a proper testing in its present state.

So yes, I think these are big problems, but casting the blame on agile is like saying that a large dog ate your bed: He might have wrecked it a bit, or maybe not, but he couldn't have eaten the entire thing.