by wpietri 4453 days ago
Not sure why you're getting downvoted; it's a legitimate question.

I'm not sure OpenSSL is really a good match for that. I've never really studied this, but my impression is that open-source companies fall into two categories:

1) Very small consulting companies built around one or a few passionate people that scrape by rounding up contracts for specific features that businesses want, and

2) Larger companies that provide a substantial set of services around an open-source product (e.g., Chef, Puppet, RedHat, Ubuntu).

OpenSSL definitely doesn't match the latter, and I don't think it's great for the former. Having done consulting for years at a time, it's a giant pain in the ass. There's no reason to think people who are good at this sort of coding really want to spend half their time on sales, or would be good at it if they did. And adding features to OpenSSL is exactly what got us into this trouble.

This strikes me as the classic case for a tax: benefits are modest but spread widely. If you could painlessly charge each user $0.01/year, you could fund this work no problem. That leads you into all the issues you get with taxes, of course, but in this case I don't think they're obviously larger than the issues you get with capitalism.

It's a shame that the US Government has totally burned their reputation with security-minded techies, or they'd be an obvious way to collect and distribute, say, $100m/year for valuable internet infrastructure. Maybe this is a chance for Europe to step up.

1 comments

EU and most of its member states' intelligence agencies' mission is to secure national infrastructure. Oh, like the internet.

They already have tons of money thrown at them from taxes.

It's just that surveillance and monitoring of citizens and industrial espionage have higher priority than... their stated goal? They're too busy analysing malware and making their own, exploiting OpenSSL for their benefit while keeping and hoping no other agency knows their exploits.