Problems with open source security

There are many problems in the news regarding open source components used for security. Most of the time it's about the fact that everyone can read the code and find security holes more easily.

The more pressing issue, in my opinion, is that those projects (which power a huge part of our online existence) are vastly underfunded, as with the Heartbleed bug, where there was only one guy maintaining the code.

And now there is a new story about email encryption, which again is maintained by just one guy in Germany. He was nearly going broke while trying to maintain the software that is the basis for nearly all of the worldwide email encryption systems.

Fortunately, after this article broke, he received the funding he deserved. Still, it's sad that it takes such articles for those guys to get paid barely enough.