
The exact financial situation of OpenSSL has always been unclear to me; they don't seem to publish financial reports, and get income from various sources (donations, consulting, sponsored work). The references on that Wikipedia page don't contain the claims in the article, and last year they hired a dev and manager[1], and this year a "Business Operations Administrator"[2], which seems to suggest they have more financial resources than what's suggested on the Wikipedia page.

I've always been somewhat skeptical that funding (or rather, the lack thereof) is the main reason for OpenSSL's problems. The whole funding thing is mainly a question of fairness, rather than security or quality.

Certainly Heartbleed was IMHO not really caused by a lack of funding. It was an experimental extension that no one really used and no one really needed either, that was nonetheless enabled by default. That was just a bad call, which happens – live and learn – but no amount of monetary units can protect you from mistakes like that. The entire heartbeat code ended up being removed in 2019 as no one used it.

[1]: https://www.openssl.org/blog/blog/2021/11/24/hiring-manager-...

[2]: https://www.openssl.org/blog/blog/2022/05/18/hiring-business...
