Not that I necessarily disagree with you, but I do want to add two points for consideration:
1. a lot of attention to its security
That doesn't help if bug reports rot in the tracker for years. The developers' attitude might have changed under the current media attention, but for how long will that last? I have yet to read a public statement by the OpenSSL team on how they plan to improve code quality and processes in the long run.
2. a not insignificant increase in much-needed financial support
Even before Heartbleed, OpenSSL might not have been as poor as often reported: http://opensslfoundation.com/what.html http://www.openbsd.org/papers/bsdcan14-libressl/mgp00008.htm...
Again, I am too much of an outsider here to judge, I just want to add these points for consideration.