Comment

Programmer Who Introduced 'Heartbleed' Bug Speaks

19
dog philosopher ஐஒஔ௸4/10/2014 2:44:18 pm PDT

re: #4 goddamnedfrank

On a project like SSL is code really only reviewed once? If true that’s kind of shocking. Especially considering the wide ranging financial impact it has.

Clinical drug trial data is gathered at the source doctor's office, then entered into a computer twice independently, then reviewed, and verified again before it goes on to more thorough scrubbing and statistical analysis. Then it's randomly audited. All designed to detect various species of errata.

Open source projects like SSL hypothetically benefit from extensive peer review - this is often touted as one of the main benefits of open source software,

but the review is entirely voluntary and apparently never happened in this particular case.