On Mon, 01 Apr 2024 13:50:22 -0500 John Hasler <j...@sugarbit.com> wrote:
> Joe writes:
> > I think this was amply demonstrated by Heartbleed, where the
> > offending code was examined by *one* other pair of eyes, before
> > approval was granted for inclusion in OpenSSL.
>
> The "many eyes" phase comes after release.

Which didn't happen, at least not for two years. I would suggest that
for any software as critical as OpenSSL, more than one pair of eyes
would have been appropriate *before* release.

--
Joe