
You would've thought that after getting bitten by it, the Zucks, Brins, etc. of the world would've been happy to kick in a few million apiece to ensure part of the critical underpinning of their services is a bit more bulletproof.

Without having any idea of the numbers otherwise, could this not be a reasonably cost-effective approach to security? Making sure the OSS projects you draw on are properly funded so they can shoulder some of the security responsibility must be easier than employing your own army of security savants to do the same thing internally? I'd love to hear more info on whether this is or isn't a good approach.



I suspect that most corporates use FOSS not because of any philosophical support for it but simply because it's cheap and available.

If it's going to start costing them money then it would raise the question why not spend that money internally where they have complete control of the direction of the project and where only they (rather than their competitors) will get the benefit from it.

That's not to say that what you say isn't workable, just that it's not aligned with much default corporate thinking which makes it somewhat less likely.



Right, but the amount, 3.9 million, to support not only OpenSSL but multiple other projects is so minuscule, relatively speaking, that it is astounding. This "civilization"'s priorities are so ludicrous. 3.9 million is probably a tiny fraction of the amount Google earned through ads selling blowjob videos last year.



