I was think along the same lines. It great that OpenSSL have improved quality, yet it feels like they're rewarded for cleaning up their own mess.
Honestly, given the background for the award, cleaning up your code base shouldn't qualify you:
> The prize honors significant contributions to real-world cryptography and celebrates recent advances that have had a major impact on the practice of cryptography and its use in real-world systems.
Improving code quality doesn't actually impact "the practice of cryptography".
> It great that OpenSSL have improved quality, yet it feels like they're rewarded for cleaning up their own mess.
Though to be honest, an insane amount of stuff relies on OpenSSH for their security, and has for years. If their code was messy earlier, ok, but they have still been basically de facto standard SSH client for much of networking. I'd say their prize is well earned.
Honestly, given the background for the award, cleaning up your code base shouldn't qualify you:
> The prize honors significant contributions to real-world cryptography and celebrates recent advances that have had a major impact on the practice of cryptography and its use in real-world systems.
Improving code quality doesn't actually impact "the practice of cryptography".