I'm less sure how OpenSSL can pull in large revenues on an ongoing basis, but I can tell you how it can easily attract significant money right now: do some bloody fundraising over the next few days or weeks! Just structure it as a crowdfunding drive and stick it up on Kickstarter or whatever for minimum hassle. (You might have to do a bit more work to also avoid tax, I don't know.) If they've attracted €3000 so far in donations without lifting a finger, imagine what they could do if they actually went out to capitalise on the publicity and the unhappiness generated by Heartbleed over the past few days. For that matter, a third party could do the Kickstarter, just as long as people can trust him/her/it not to run away with the money. I previously suggested giving the money to the Internet Bug Bounty pot instead of to OpenSSL itself https://news.ycombinator.com/reply?id=7566208 but obviously money could go to either, or to other relevant good causes.