Heartbleed OpenSSL Bug Reveals the True Cost of Open-Source Software

The scandal is that giant enterprises are doing nothing to contribute to the development, testing and validation of the free software on which they depend. They are takers, pure and simple.

But rather than use the Heartbleed bug as a reason to indict open source as being unreliable, what really needs to happen is to use this as a wakeup call. All of those companies—from Yahoo to Dropbox—that used OpenSSL without doing anything to help create and improve the product are paying for that neglect now. Once they spend millions to fix the problem, perhaps they can spend a few thousand more to help fund development of this critical security library.