Update: OnePlus revises One release date, blames recently-announced OpenSSL vulnerabilities

OnePlus is once again delaying the One, its spec-heavy debut smartphone starting at $299 USD.

Though the company has taken some questionable paths to get to this point, the latest delay, announced in a letter to those awaiting an invite, is blamed on a last-minute software update meant to “work on perfecting some final issues.” While the letter itseld doesn’t go into detail, a CyanogenMOD member took to Reddit to clear up some misconceptions about what exactly this software update entails.

Turns out that the OpenSSL bugs made public last week — these barely two months after the Heartbleed OpenSSL bug that racked the internet — were more severe than some would have let on. As a result, “[CyanogenMOD] decided to include the correction for those vulnerabilities, in the factory release of the One. A new release means the whole firmware needs to be re-certified (including QA time), but we believe the security benefits outweigh the delay. So yes, there was a new build issued at fairly last minute, but it wasn’t due to missing set deadlines or expectations.”

In other words, the issue isn’t with OnePlus, nor really with CyanogenMOD, but with bad luck and an emphasis on security. To that, I say good on you, CyanogenMOD. Way to take your time to deliver a better product rather than rushing it to market and risk your users’ data in the process.

Update: OnePlus has acted quickly and solved the software issues. In a statement yesterday, OnePlus noted that “We did choose to delay the shipment of the first phones in order to make sure the software was secure and provided the best possible user experience. The CyanogenMod team worked very quickly and efficiently and the Open SSL issues have already been fixed. The first OnePlus Ones ship to early users with invites as early as tomorrow.” – IH