Software experts have often spoken of the need to isolate your product from any specific implementation. If anything, this has become more important today.
There is great fun & profit in hacking software. Many are doing it, pretty much around the clock. These hacks can be purchased on various websites, in fact; no news here, just re-stating basic facts.
Now suppose your software uses a package from Vendor X, and X has chosen to use OpenSSL internally. As we know, OpenSSL is a rich target with many known & fixed problems, but bad dudes are a persistent lot and will continue to attack. So then, if Vendor X for some reason cannot keep pace with the changes to OpenSSL, guess who is left stranded?
Since your team has put in a layer surrounding Vendor X, you have long been considering Vendor Y’s offering and have a plan to swap Vendor X out, if need be.
And now you are totally bored reading about something completed eons ago…