OpenBSD chief believes contractor tried to write backdoors

22.12.2010
The lead developer of the OpenBSD operating system says that he believes that a government contracting firm that contributed code to his project "was probably contracted to write backdoors," which would grant secret access to encrypted communications.

Theo de Raadt said that while he now believes that a company called Netsec may have been involved in backdoors, he doesn't think that any of this software made it into the OpenBSD code base.

The controversy began after former Netsec CEO Gregory Perry e-mailed de Raadt privately to warn him that there might be 10-year-old bugs in the software that OpenBSD uses for secure Internet communications. Perry said that the back door code was developed as a way for the U.S. Federal Bureau of Investigation to monitor encrypted communications within the U.S. Department of Justice.

OpenBSD's de Raadt went public with the e-mail, saying he'd rather the whole matter be hashed out in public, and while no one has come forward to back up Perry's allegations (quite the opposite -- two people named in his e-mail have ), parts of what Perry claimed do check out.

For example, there really was a government security contractor called Netsec. And as Perry claimed, a Netsec developer named Jason Wright did make contributions to OpenBSD. "I believe that Netsec was probably contracted to write backdoors as alleged," de Raadt said in his posting. "If those were written," he added, "I don't believe they made it into our tree. They might have been deployed as their own product."

According to de Raadt, Wright worked primarily on drivers for OpenBSD. Another Netsec developer, Angelos Keromytis, wrote security code that used these drivers, de Raadt said.