“You can write software that has no obvious bugs or you can write software that obviously has no bugs.”

I think that was ewd?

You can, of course, also write programs that have known bugs. Or even programs that have bugs that obviously shouldn't be there, but are anyway.

Not if 1000 lines are written by you alone and not checked by anyone else vs 5 million lines of code written by thousands of people and checked by countless more. Linux is probably more secure than 1000 lines of C code from a junior developer.

I think this is vastly overrated:

- how much code actually gets read outside of top 2-3 projects?

- how many of those readers can detect security problems?

- why are others inherently better at detecting problems than the author?

Wouldn’t 1000 lines read by 2 people be better than a million read by 10?