This is a fantastic article: http://falkvinge.net/2014...r-the-nsa-than-to-fix-it/
The NSA has an entire budget devoted to doing just this: “$1.6 billion a year on data processing and exploitation, more than a thousand times the annual budget of the OpenSSL project” reports The Verge. Their prime directive is to find bugs, keep them quiet, and exploit them for their own gain (sorry, “national security”). OpenSSL’s volunteers, on the other hand, need jobs to feed their families. As much as they might want to, they don’t have the time to devote the effort needed to make sure their code is rock-solid. And apparently, neither do its users. It took a Google employee two years to discover Heartbleed, despite the fact that they’re a multi-billion dollar corporation that depends on the integrity of things like OpenSSL. Evidently, though, it’s still not cost-effective to have dedicated teams keeping an eye on the code.
But then he goes full commie and it goes to pot. But still... a good read.