(no title)

- how much code actually gets read outside of top 2-3 projects?

- how many of those readers can detect security problems?

- why are others inherently better at detecting problems than the author?

Wouldn’t 1000 lines read by 2 people be better than a million read by 10?