Yeah, that's pretty much the issue. And not in a "yeah, that's a nice simplification for a comic". That's how it works.
As (something of) a developer, I think Heartbleed is for our sins. Covered in more detail here, but we built a large part of the internet's security on an open source project with one full-time employee and a very small band of other contributors. The offending functionality was pushed on New Year's Eve, where instead of partying hard this one dude was trying to improve OpenSSL.
Anyone who donates more than 20k to OpenSSL development gets their logo featured here: http://www.openssl.org/support/donations.html
There are no logos. Nobody is looking after this little team that two thirds of the web rely on.