“The recent incident in which Red Hat included a default log-in
for its Piranha clustering modules – raising security concerns
about the product – illustrates the point. Lead developer Philip
Copeland complained in an online diary that “the Piranha package
was literally nailed together a day before the CD had to be
finalised, so there was less than 24 hours for other people to
review the code.”
“Red Hat Linux 6.2 included parts that were rushed together
at the last minute, something like a commercial product being
stamped out on deadline. But Copeland’s complaint contains the clue
to the cure: “other people to review the code.“
“In most open source projects, other people review a
programmer’s work and review it with a certain amount of glee. The
code is banged on and tested in ways its author never intended,
because programmers with experience drawn from different parts of
the universe are preying on it, looking for holes.”