Re: So much for "given enough eyeballs, all bugs are shallow"
To be fair, I don't think the challenge is unique to open source software; we've seen plenty of examples of proprietary closed software show up with similar catastrophic failures -- probably as a result of the same root cause: "Nobody Noticed". What the crux really is, I think, in agreement with you, is the false premise that there are "enough eyeballs" or that those eyeballs are looking at the things they should actually be looking at. It takes a very unique and sophisticated mindset to trace through code and ponder the "What If?" scenarios. Sometimes those "What If?" scenarios were pondered in testing, but considered too "edge-case" to warrant writing the test suites. That, maybe, ought to be a red flag unto itself, because it's the edge-case scenarios that are being leveraged for many of today's exploits.