kick 'em while they're down
Full-page ad in today's Wall Street Journal, some German SSL vendor taking the opportunity to big-up themselves at the expense of the OpenSSL team and open source in general:
I'm no raving open source lunatic, but I must say that OpenSSL has made major contributions to the security of the internet by making it easy and cheap to provide encrypted web services. One major vulnerability in nearly 20 years doesn't change that.
Open source projects including the Linux kernel, GCC, OpenSSH, R, Apache, Perl, and SQLite are pillars without which our current mad technological rush wouldn't be possible. The developers, both professional and volunteer, deserve credit for making such important and useful software, even the spotty seventeen-year-old contributors this guy seems so obsessed with.
Do I really believe the "more eyes makes better software" line? No, but having been developing "professional, commercial products" for a while now, I certainly don't believe that open source is fundamentally disadvantaged on quality relative to code that's frequently developed under extreme time and financial pressure.
Hats off to the open source community for the good work they do and its wide benefits. Using Heartbleed to tar everyone involved, or even the OpenSSL project itself, to push commercial software is low and cowardly.