Hacker News
by mananaysiempre 1164 days ago
Imagine all of your bugs were security bugs, hacking (and profiting from the results) was legal and incredibly lucrative, and (as a result) almost the entire available pool of testers was at best grey-hats each with their own political agenda. Even if you also had Designated Testers with lifetime appointments, would you expect them to do better in a year than a well-paid hacker could in a couple of weeks? Especially if the former category, though well-paid, is considerably understaffed and thus overworked, due in part to how hard it is to establish competence and good faith of a candidate?

I’m not sure this is a good metaphor, but I think the main thrust should be true: the whole thing is adversarial like you’ve never seen, and that’s not at all the best way to establish truth, just the best you can do without trust assumptions. (Law : science and engineering :: democracy : benevolent dictatorship.)