[Cryptography] some eyeballs make bugs shallow?

ianG iang at iang.org
Sat Aug 23 06:10:45 EDT 2014


http://www.bbc.co.uk/news/technology-28886462

NSA and GCHQ agents 'leak Tor bugs', alleges developer
By Leo Kelion Technology desk editor

Andrew Lewman: "The fact that we take a completely anonymous bug report
allows them to report to us safely"

British and American intelligence agents attempting to hack the "dark
web" are being deliberately undermined by colleagues, it has been alleged.

Spies from both countries have been working on finding flaws in Tor, a
popular way of anonymously accessing "hidden" sites.

But the team behind Tor says other spies are tipping them off, allowing
them to quickly fix any vulnerabilities.

...
He said leaks had come from both the UK Government Communications
Headquarters (GCHQ) and the US National Security Agency (NSA).

By fixing these flaws, the project can protect users' anonymity, he said.

"There are plenty of people in both organisations who can anonymously
leak data to us to say - maybe you should look here, maybe you should
look at this to fix this," he said. "And they have."

Mr Lewman said that his organisation received tips from security agency
sources on "probably [a] monthly" basis about bugs and design issues
that potentially could compromise the service.

However, he acknowledged that because of the way the Tor Project
received such information, he could not prove who had sent it.

"It's a hunch," he said. "Obviously we are not going to ask for any details.

"You have to think about the type of people who would be able to do this
and have the expertise and time to read Tor source code from scratch for
hours, for weeks, for months, and find and elucidate these super-subtle
bugs or other things that they probably don't get to see in most
commercial software.

"And the fact that we take a completely anonymous bug report allows them
to report to us safely."

...

