OpenSSL and its Heartbleed bug affected around 17%, or half a million, of the Internet's secure web servers certified by trusted authorities. The bug potentially allowed attackers to access user names, passwords, or even the cryptographic keys of the server used for SSL. After reviewing the code for OpenSSL, OpenBSD founder Theo de Raadt has created a fork, claiming that OpenSSL cannot be salvaged. De Raadt told ZDNet that his team has removed 90,000 lines of C code. "Even after all those changes, the codebase is still API compatible," he said. "Our entire ports tree (8,700 applications) continue to compile and work after all these changes."
It's insane to think that something that protects so many consumers has so few resources attached to it. It'll be interesting to see if LibreSSL takes over, if OpenSSL gets funding to clean up its code, or if everyone is just lazy and leaves it as is until the next bug comes up.
OpenSSL code beyond repair, claims creator of “LibreSSL” fork
OpenBSD developers “removed half of the OpenSSL source tree in a week.”