
> I have a modification to many eyes that makes it relevant, which is many eyes make bugs shallow when the code is simple enough.

Many eyes would make many bugs shallow if there only were said eyes.

The problem is that very few people lift a pinky to help audit & secure the software they use. Nobody reads the code. And then when disaster strikes a particular well-known & widely used project and people start paying attention, they notice the code is full of low-hanging fruit that anyone could've fixed (nobody did).

Even when people read code and find bugs (as I often do), they're too busy to actually report, let alone fix, them.

It's so comfortable to pretend that someone else must've audited the code for you because it's open sauce. So you don't have to :-)



The Debian random number bug was a result of many eyes trying to help, but not knowing what they were doing.

http://taint.org/2008/05/13/153959a.html



