I think it will just take some time. I'm glad we have a solid start on a new alternative, and hopefully people will use it, scrutinize it, and improve it. It's a little unsettling to realize that when the next vuln in OpenSSL is discovered, it will likely effect 99% of servers on the Internet. (Or something like that.) I'd feel a little better if that percentage is brought down by something that isn't susceptible to those kinds of vulns in the first place.