aaronpkand as soon as there's a bug found in the signature protocol, everyone is going to have to update their code bases to fix it, whereas when there's an openssl bug, it's an update of the underlying operating system but no change to application code
