It has been reported that OpenBSD has patched four vulnerabilities including privilege escalation flaws and a remotely exploitable authentication bypass.
Commenting on this, Jonathan Knudsen, senior security strategist at Synopsys, said “Eric Raymond famously said “given enough eyeballs, all bugs are shallow.” What he meant was that if you have enough developers examining your software for enough time, eventually nearly all bugs will be found and fixed. While this is probably true, it’s the enough eyeballs part that is difficult. OpenBSD is estimated to contain nearly three million lines of code. How many eyeballs do you need for that? How much time?