How true is this?

Indeed, only a handful of people in the entire world can code review cryptographic software like OpenSSL. It is very likely easy to hide theoretical (theory in the mathematics-sense) backdoors in open source since the cryptography community is super secretive (only privileged people have access to academic literature on the subject!).

if by handful you mean tens of thousands.

depends how big are those hands

only privileged people have access to academic literature on the subject!

what? why?

>>4
because journals make money gatekeeping access to research by perpetuating an ancient buisiness model that is no longer relevant

>>5
Is that why you can't spell the word "business"? Fucking liberal commie.

Apparently >>5-kun lives in the land-of-no-libraries.

Aaron Swartz died for your right to have everything for free. You are literally shitting on his rotting corpse every time you pay for the fruits of science that millions like him stood up to the racist government by bravely unfriending MIT on Facebook.

Information wants to be free.

>>8
Sure. Try spending your money into writing new information and then give us all the results.

>>9
The results are winblows and muc

For actual crypto code this is within an order of magnitude or so of being true.

However, the error that prompted this discussion was in protocol datagram munging code that can be understood by anyone with a few years programming experience and a copy of the relevant specification. If your only desire is to find vulnerabilities you needn't even have an understanding of the protocol... buffer overflow type bugs are routinely found by people who just happen to be using a different static analysis tool than the original developer.

I'd also like to add that theoretical backdoors are far more difficult than implementation backdoors.

>>8
literally? I don't even know where his corpse is, or is there some sort of nationwide sewer router controlled by the purchasing databases?

It's not easily to hide backdoors, and what the fuck is a "theoretical backdoor in the math sense"? who wrote that?
Also the "cryptography community" is everything but "super secretive": there are tens of mailing lists, forums, chat rooms, blogs, websites, and events that are open for anyone. There are also thousands of books and papers that any kid can download.

Your quote OP, is the most stupid piece of text I have ever read.

>>14
I'm not >>1 , but if you don't know what is meant by ``theoretical backdoor in the math sense'' you should read https://www.schneier.com/essay-198.html .

>>15
I know what a backdoor in a crypto primitive is and I understood what OP's quote was trying to say, the problem is that nobody use the expression "theoretical backdoor" in the field because it's wrong and it shows that you don't know what a theory is in the first place.

>>16
You are arguing over simple word choice. >>15 don't respond to eym