Thanks! Do you know this because you work with him and are relaying his report of that approach in this particular case, or do you just expect that's the case from his usual technique and prior cases?

Wouldn't that track record of awesome ability, and his support for the Freedom of the Press Foundation, also potentially make him a sought-after expert about mysterious things that a journalist didn't understand in a leaked NSA (or other) document?

Do you know if the Codenomicon researcher(s) found the issue in the same way? (Their corporate webpage makes a big deal about their fuzzing tools.)

Do you believe it was just coincidence that both recently found this same monumental vulnerability? How long would Mehta and/or Codenomicon typically privately research such a bug, with or without coordination with OpenSSL maintainers, after first confirmation of danger?

You're welcome! I know this because I work on the same team with him. I'm not familiar with what Codenomicon did and won't publicly speculate.