On 02/11/17 07:13, H. S. Teoh wrote:
There is another side to this argument, though. How many times have
*you* reviewed the source code of the software that you use on a daily
basis? Do you really *trust* the code that you theoretically *can*
review, but haven't actually reviewed? Do you trust the code just
because some random strangers on the internet say they've reviewed it
and it looks OK?

This question misses the point. The point is not that you, personally, review every piece of code that you use. That is, if not completely impossible, at least highly impractical.

The real point is that it is *possible* to review the code you use. You don't have to personally review it, so long as someone did.

I think the best example of how effective this capability is is when it, supposedly, failed: OpenSSL and Heartbleed.

Recap: some really old code in OpenSSL had a vulnerability that could remotely expose secret keys from within the server. The model came under heavy criticism because it turned out that despite the fact that OpenSSL is a highly used library, its code was so convoluted that nobody reviewed it.

The result: a massive overhaul effort, led by the OpenBSD team, which resulted in a compatible fork, called LibreSSL.

In other words, even when the "many eyes" assumption fails, the recovery is much faster than when the code is closed.

Shachar