
What killed me was the financial incentives of the OpenSSL devs were directly opposed to cleaning it up. If you make money through consulting to fix it up on an ad hoc basis then having an impenetrable mess that everyone uses by default and you happen to be the one major expert in is very good for your earning potential.

What's worse is it seems like the incentives didn't line up to motivate a clean up, but they didn't convert that potential into actual cash either. Lose-lose.



The sad thing is, that conflict of interest exists for nearly every open-source project out there. The only real way to make money from creating open source is to do consulting based on your expertise, or an "open-core" model like nginx. Both of these become less profitable as the quality of the open-source code increases.


It's odd that the article doesn't discuss the most common[1] ways in which corporations contribute to free software: by employing the maintainers and allowing them to spend a portion of their time at work improving the software. I know of nearly a hundred people in the same situation (albeit often with much lower-profile projects than OpenSSL) and I know zero programmers working on open-core projects. The consulting model is a lot more common than open-core, but nowhere near as common as the employment model.

[1] - in my own experience


The worst is small projects that do one thing well. Although you can produce a stream of them to fill a niche. Most consultancy is around bloated projects.



