Competitors for the next hash standard found to have security-related coding flaws

As further proof that no one is immune to making mistakes, two of the algorithms competing to be the next hash standard were found to contain buffer overflows. The government board in charge of nominating standard cryptographic algorithms, NIST, has been holding a competition to choose the next standard hash scheme. When the corpus of reference implementations were examined with Fortify's code analysis tool, it was found that two of the submissions had buffer overflow errors.

These problems don't affect the cryptographic correctness of the algorithm, and the relatively small size of the algorithms mean they would have likely been found in short order as the process progressed. Nevertheless, this should serve as further proof that everyone, even security people, makes security mistakes.