On Mon, 9 Oct 2017 14:39:42 +1300, Peter Reutemann wrote:
Security related domain: "for many areas of security functionality—crypto primitives implementation is a good example—the number of suitably qualified eyes is low."
So what exactly is the “myth”? The common form of the maxim seems to be “Many eyes make all bugs shallow”. But this seems a bit vague to me. How about this to be more specific: “Sufficiently many eyes make all bugs shallow”. Expressed that way, is it a myth? Consider also: “There will always be sufficiently many eyes”. Put that way, it seems pretty clear there will be cases (many cases!) where it is not true. But is it implied by the original form of the maxim? Because that is in fact what the article is addressing, is it not? But if it is not a reasonable conclusion from the maxim, then the whole argument becomes what is called a “strawman”: the article writer has set up a false claim only to shoot it down.