What about all those vulnerabilities that have been sitting there for years and they refuse to bother with ? What about the horrible, obfuscated code base ? What about the fact that the OpenSSL foundation is a millions per year for-profit company that does security counseling ? Sure there is only one active developer, but why exactly is that, is it really because he is poor starving developer or because he is the only one who can understand the obfuscated code and rules it with an iron fist ?
|