
Really, a million eyes on it? Okay, let's go with that,

to compile OpenSSL you need a compiler and an entire toolchain, an operating system, microcode and hardware. In any layer it is possible for an organization such as NSA to do its dirty deeds.

They don't fabricate their own chips/hardware for fun. Well, maybe for fun too, but not only for fun.



Sure we can't go around trusting trust. OTOH most of the compilers in general use see a number of eyeballs. Ditto for the operating systems. I could even see this becoming the case for hardware eventually. An evil system must model the system that relies on it in order to attack that relying system, while remaining functional in general. The longer you make the chain that inserts your nasty code into higher-layer objects, the more complicated, fragile, and discoverable the attack becomes.



