Summa summarum: RSA's C-binary's implementation is even more vulnerable than originally thought of (remember, it's the only one library that defaults to using dual EC DRBG).
As a fun little detail, OpenSSL's dual EC DRBG implementation was actually broken in the first place - guess no one ever had a reason to try out the orders of magnitude slower non-standard random number generator. Also, there's an extension in RSA's TLS implementation, which allows for sampling of larger pools of random numbers from the server, if enabled. Latter was provided by the same three-letter organisation they got the $10M of funding from.
Would have loved to see GnuTLS and NSS mentioned there... wonder if they ever implemented said random number generator.