No, it's not hindsight bias. I have posted (and so have others) on many public forums for years about the need for an audit of OpenSSL and OpenSSH and there have been many discussions about the sad state of the codebase in OpenSSL.
I can think of a particular discussion on the cryptography mailing list at randombit from ... two years ago ?
I can think of a particular discussion on the cryptography mailing list at randombit from ... two years ago ?