Confuzzled Researcher
> "Projects such as Tor, Tails, Debian and Ubuntu all need more eyes for audits which can improve the safety of the internet for everyone."
I have some bad news: Debian and Ubuntu aren't a single software package run by a handful of coders. Each is a collection of tools and applications designed by others; they simply package it all up in a unified fashion for the end-user. You can't ask them to audit that much code pouring in; you'd need to basically xerox copy every programmer on the planet, then move them to an island filled with nothing but houses, debugging tools, and Mountain Dew, to make that fly.
The fact is, we can't afford to formally audit most of the stuff we use every day -- and even if we could, the auditing would take up more 'head space' than currently exists on the planet. We'd have 95% of the world's population breathing down the neck of the remaining 5% to make that fly. As in real life, auditing is never comprehensive, but rather more like how we inspect bridges: We look at the critical support members and spot check non-critical areas looking for systemic flaws.
So while yes, we do need more eyes looking for bugs, really, this is less about auditing than it is process control: Everything these days is black boxed. Or part of a proprietary API. Or... or... you get the idea. Most of what we program has already been done before... there's very little "new" going on in computers... contrary to what the latest iCommercial would have you believe. If we didn't have to reinvent the wheel with every new coding project, a lot less auditing would be needed. Open source is a step towards that, but it's not a solution by itself -- we need more than just "free" code, we also need people working to make more code reusable, modular, and accessible. By reducing the massive amounts of redundancy inherent in programming -- mostly due to legal, rather than technical, considerations -- we can actually make a worthwhile investment in auditing.
But good luck ever getting that to happen... it would require basically throwing tens of thousands of business "leaders" into a shark pit to open the door to real change. And most of middle management. And their lawyers. And the lawmakers and politicians. Frankly, I just don't think there are enough sharks in the ocean right now to get the job done.
Someone needs to start breeding more sharks.