I'm pretty sure he was paid to write BIND, and maybe some other programs you think he did for your benefit, for "free".
And I'm sure these "free" programs, with all their vulnerabilities, have resulted in quite a few dollars in "consulting" fees which he and his "not-for-profit" (=pay no taxes) organization (ISC) has billed for "support" over the years.
Of course, there's nothing wrong with getting paid for your work. It's when you produce bug-ridden programs that are intended for widespread public use and then claim they are the "gold standard" that you may face criticism.
And now he's in the "security" industry. It is indeed comical.
He's doing the ops-y abuse-y bot-y stuff he's been doing for the last decade, from what I can tell. He's not in the branch of security that cares deeply about secure code.
And I'm sure these "free" programs, with all their vulnerabilities, have resulted in quite a few dollars in "consulting" fees which he and his "not-for-profit" (=pay no taxes) organization (ISC) has billed for "support" over the years.
Of course, there's nothing wrong with getting paid for your work. It's when you produce bug-ridden programs that are intended for widespread public use and then claim they are the "gold standard" that you may face criticism.
And now he's in the "security" industry. It is indeed comical.