To be honest the description of the code in the article...
There were random sleeps added to "fix" race conditions, validation functions that just returned true, catastrophic cryptographic vulnerabilities, whole parts of the protocol unimplemented, kernel panics, security bypasses, overflows, random printf statements deep in crypto code, the most spectacular buffer overflows, and the whole litany of awful things that go wrong when people aren't careful when they write C.
... looks like just the kind of outsourced code that I have the pleasure of working with (which means fixing it after it blows up in live). And as in the article it just appears in the source tree one day with a ticket number and if you open the ticket there's nothing that says how or why.
Someone will be along in a moment to blame C for all that, by the way.