Let's surmise that the reason two distinct researchers (Mehta and Codenomicon) found this same bug in a short timeframe is that the recent Apple & GnuTLS bugs have caused many teams to begin a fresh review of long-ignored shared codebases.

If so, is this the first major bug discovered, with many more to come as they are flushed out by the new level of vigilance? Or, is it the only/last one, being revealed now because the deep dive has now wrapped up?

Those seem to me to be the interesting questions.