Writing for Buzzfeed, Chris Stokel-Walker looked at how having just two guys solely responsible for coding OpenSSL led to Heartbleed.
“You and I can look at that code all day long and we’re not going to find the Heartbleed flaw,” says Sophos Security’s Wisniewski. “These teams are very small and barely funded.”
There are lots of people looking at the code — many of them malicious — but only two guys who can change it. And they’re under constant pressure to add new features, which introduces new bugs.
(Via The Verge)