
Open Thread (w/ Heartbleed News)

30
dog philosopher ஐஒஔ௸4/09/2014 4:28:17 pm PDT

re: #9 Charles Johnson

The code that caused this is embarrassingly simple, and it’s kind of surprising nobody found it in two years. It’s a simple bounds checking error — a two-byte integer value that isn’t checked to make sure it really is a two-byte integer. But it’s a big open source project.

well of course bounds checking is typical of the kind of thing that should be caught in code review, so so much for the tremendous distributed code review that is supposed to be one of the benefits of open source projects

but beyond that, I don’t know why handing over a copy of a chunk of memory is necessary to implement heartbeat functionality, so it should have leapt out at them as a controversial solution, and one that would generate concern and attention

so it appears that the great benefit of code review and optimization by many eyes widely touted for open source never happened at all here:

Open Source For America

Benefits of Open Source Software

The Open Source model harnesses the power of distributed peer review and transparency to create high-quality, secure and easily integrated software at an accelerated pace and lower cost.

Primary benefits of open source software are:

Choice: By its very nature, the source code of open source software is available to all, meaning that no one company owns the software….

Reliability: Open source is peer reviewed software, which leads to more reliability.
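The unchecked two-byte length field the comment describes, shown as an added illustration in C that is neither OpenSSL's code nor part of the original thread: a constructed heartbeat record handler with the trusting length computation beside the bounds-checked one. The function names, the 16-byte padding constant (the minimum RFC 6520 requires) and the record layout are assumptions of this example.

```c
/* Constructed illustration of the Heartbleed-style length check; not OpenSSL code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define HB_HDR_LEN 3   /* 1 byte message type + 2 byte payload length */
#define HB_PAD_LEN 16  /* minimum random padding after the payload */
#define HB_REQUEST 1
#define HB_RESPONSE 2

/* Read the big-endian two-byte payload length from the record header. */
static uint16_t hb_declared_len(const uint8_t *rec) {
    return (uint16_t)((rec[1] << 8) | rec[2]);
}

/* The unchecked pattern: trust the declared length and report how many bytes
 * an echo would copy. A 3-byte record declaring 0xFFFF yields a 65,554-byte
 * response assembled from memory past the record. This only computes the
 * size; it never performs the over-read. */
size_t hb_unchecked_response_len(const uint8_t *rec) {
    return HB_HDR_LEN + hb_declared_len(rec) + HB_PAD_LEN;
}

/* Hardened path: compare the declared length with the bytes actually received
 * before copying anything. Returns bytes written to out, or -1 when the record
 * is malformed or out is too small. */
long hb_build_response(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR_LEN || rec[0] != HB_REQUEST)
        return -1;
    size_t payload = hb_declared_len(rec);
    /* The bounds check that was missing: header + payload + padding must fit. */
    if (HB_HDR_LEN + payload + HB_PAD_LEN > rec_len)
        return -1;
    size_t resp_len = HB_HDR_LEN + payload + HB_PAD_LEN;
    if (resp_len > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(payload >> 8);
    out[2] = (uint8_t)(payload & 0xff);
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload);
    memset(out + HB_HDR_LEN + payload, 0, HB_PAD_LEN); /* real code uses random padding */
    return (long)resp_len;
}
```

A record that declares 5 payload bytes but arrives without its 16 bytes of padding is rejected just like the 0xFFFF case, because the check is against the full received length rather than the payload field alone.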