In the open-source development model, the Linux distributions will also contribute back fixes and even features as they come up. As such, it’s difficult to measure the precise size of an active development community for OpenSSL.
That said, it is now very clear that OpenSSL development could benefit from dedicated full-time, properly funded developers. It’s a need that Steve Marquess, co-founder and president of the OpenSSL Software Foundation (OSF), is now openly advocating for.
In a blog post, Marquess noted that the OSF typically receives only $2,000 a year in donations. Since news first broke about the Heartbleed bug, the OSF has raised $9,000 in donations.
“Even if those donations continue to arrive at the same rate indefinitely (they won’t), and even though every penny of those funds goes directly to OpenSSL team members, it is nowhere near enough to properly sustain the manpower levels needed to support such a complex and critical software product,” Marquess wrote.