That's code reuse for you... Don't reinvent the wheel, they say...
Okay, I'll bite.
Do you have any idea about the astronomical of critical bug that would be introduced if it weren't for code reuse? So we found a bug in a critical application. We fix it, we publish the solution, and we ask of people to patch their systems. Security bugs in OpenSSL are
not found very often, and most bugs usually lead to crashes or denial of services, not critical data recovery.
Despite heartbleed, OpenSSL is our best implementation of TLS/SSL. It's field tested, it has years of experience, that's what made it an industry standard. Encouraging devs to lay out their own implementation is a kind of "
security through obscurity", a method that has been proven not to work again and again. It's the equivalent of me trying to convince you to install my home-made lock on your door, instead of an industry standard one, because "burglars aren't used to try to crack it".
TL; DR: Don't implement your own crypto library, and be sure to apply patches when they're published, that's your best bet.