Re^2: Code Inspections in Open Source projects
by mpeg4codec (Pilgrim) on Jan 17, 2008 at 18:04 UTC
As the link above states, the OpenBSD team continuously and systematically audits their software. However, as the BSDs have so much cross-pollination in their codebases, it ends up being an interesting hybrid approach. I can recall a few instances where bugs that slipped by OpenBSD's security reviewers were caught by folks on the NetBSD team doing non-systematic general reviews.
If nothing else, it proves that more eyes on a piece of code leads to more secure code, systematic reviews or not, which is one of the real strengths of open source.