I know you're trolling, but some people might not, so I thought it might be helpful to point out that they are actually discovering and fixing vulnerabilities. For example, CVE-2010-5298:

http://www.tedunangst.com/flak/post/analysis-of-openssl-free...