This is a serious problem. All of the security issues with SSL (Heartblead, etc.) over the past decade were because there was only one guy maintaining it.

It seems like a non-profit would work well here. There are tons of industry organizations that have a vested interest in technology that should be willing and able to support it. Maybe there are just too many devs to support? Or maybe, as the article hints, the real problem isn't money. It's the fact that these people have zero organizational support to back them up, and tend to get burnt out.