Who hasn't made a simple mistake like this? The guy has given an interview and comes across to me as an academic who plays with a straight bat.
The guy has a PhD, and later went on to work for a company with some ties to the German government. The auditor of the commit was another guy with a PhD, from the UK.
As many coming from the practical side of things know, you should not let someone with a PhD near a compiler or near code at all. It does not end well.
What makes people scratch their heads a bit is that the error is not only simple, but an obvious violation of one of the fundamental principles of writing good code: Never trust input.
It is also a bit strange that RFC 6520 with the heartbeat extension was so quickly rubber-stamped, was authored with the help of the same guy who committed the code, and has at least two fundamental errors. These are errors one would have expected to be caught by the master experts and guardians of the Internet protocols in the IETF who sanctioned it.
It is actually a fine study that bugs often don't start in the code, but in the specification.
Error 1 in the RFC: Not using TCP's keep-alive on TCP, and just defining something similar and simple for UDP.
Error 2 in the RFC: Having a payload part.
It is especially strange that a payload part was added, and that the same guy then messed up the implementation.