This is all public. The code is public, the comments are public.
OpenSSL is also public and we didn't avoid the Heartbleed Bug. So the OP question is valid.
To be valid, a question must be answerable. This one is not.
But the process is about as good as anyone on the planet knows how to make it. If you have patches, for either the code or the process, we'd all be glad to hear from you.