While this is not exactly a case of presenting a problem without having a solution in mind, he could have made a bit of cash if he had offered to sell the solution in the form of some handy applications that did all of that. If he were especially
greedy insightful, he could have offered it as a service through a subscription plan.
Chirgwin has it right, though: all of Ylonen's recommendations look to be common sense security practices. I would add requirements for documentation and regular auditing.