It's easy to rubbish OpenSSL now.
But, for over 15 years it's been used by everyone. Small software writers and big business alike. It allowed many large companies to use cryptography without employing their own specialists. Everyone was happy.
But, at any time these companies with the resources could have reviewed the code. Anyone else could have reviewed the code. It seems it was never done, or at least not done regularly enough.
Also I think the other problem is one that any medium to large suite of software reaches. That a lot of old code that will probably never be used remains. People are too scared to remove it, or even revisit it in case they break something. All the while, old development styles persist in older code. But again no-one wants to rewrite it, lest they introduce new issues with their rewrite.
What is left is a mashed up mix of coding styles all linked together to create quite a mess. So, something like this was inevitable.
A complete rewrite would be a good thing. But, I don't really think it should be a fork, or for a specific OS. I personally (with no real knowledge in the area, casting judgement!) think it should be OpenSSL 2.0. I think some of the big businesses that have saved so much money over the years could provide some useful resources to this endeavor. Let's face it, most routers are running this, our phones, most of the big websites were running behind it. If these guys could spare some resources, along with the OpenSSL development team, and anyone else who has the time and expertise. Rewrite this behemoth, from scratch. Omitting any obsolete processes. Aligning to a single design style. Maybe, we could get past this and move on.
Back to my point. Calling the developers incompetent is easy to do now. But, EVERY person that used OpenSSL and never reviewed it, can receive the same label. Sadly, that includes me. Only once mind you, and then just to sign a bank payment file. But, all the same. We all (developers) use these libraries never really knowing (or sometimes even caring) how they work internally until something like this happens.
Ignorance is not bliss!