Five major SSL implementations have fallen this year
So, in the space of a year or so, we've had public disclosure of major flaws in RSA BSAFE (defaulting to Dual_EC_DRBG and CVE-2014-0636), OpenSSL (Heartbleed), GnuTLS (certificate validation bug), Apple's SSL implementation (ephemeral key substitution and weak PRNG), and now Microsoft's SChannel.
That's five major implementations - possibly the four biggest, plus GnuTLS, which is not widely used but is the darling of some FLOSS ideologues - in about a year.
SSL is broken. No one can produce a secure version of it, whether FLOSS or proprietary (and damned expensive at that). It's overengineered and yoked to terrible ideas like X.509 PKI (and thus to ASN.1, a horrible mess all on its own), but perhaps the biggest failing is the requirement for interoperability, which makes the attack surface too damn big and the system too complex to get right.
And no, the LibreSSL hipsters are not going to fix this, regardless of how much they ironically employ Comic Sans (and unironically use KNF, which needs to be killed with fire).
I remarked on this back in April. I speculated then that we'd be seeing an exploit against SChannel soon. Right on the money, but then it was hardly a daring prediction.