Re: Open? Or is Money?
If OpenSSL had been closed source, it is quite probable that the serious security flaws in it would still be unfixed - and probably unknown.
However it's also certain that it wouldn't have been anywhere near as popular, so the impact of those bugs would be several orders of magnitude less.
On the gripping hand, those products would have used something else, with another set of security flaws. Almost everyone uses the "SDK pack", so there would be the NXP flaws, the Freescale flaws, the Intel ones, the MIPS etc.
So the fact that those OpenSSL flaws were found and fixed means that a lot of products got simultaneously better, instead of just one SDK.
On the fourth hand, a heterogeneous set of flaws across different products is much safer than a homogeneous set...