Adam Williamson <adamwill(a)fedoraproject.org> writes:
...and yet despite being so easy to review it somehow had a major
security vulnerability ever since it was written.
This is not a good metric. easy to review != was sufficiently reviewed,
and getting sufficient code review might be the hardest problem in
software engineering.
Additionally, if a project has never had an issue, it's just as likely
that no one has ever really looked at it than that it's "safer".
Be well,
--Robbie