No the bug was found because some one was looking at the code. In fact it was a company developing a static code analyzer that used the available source of OpenSSL to test their analyzer that found it, interestingly enough also a Security Engineer from Google found it at roughly the same time. So yes it was found exactly because people where looking at the sources.
Had this been close source then none of the above would have found it.
Thas was becaue Codenomicon tried to develop a scanner cabable of catching errors such as this. Which is another side of the many eyeballs, i.e companies such as these uses the large amount of available source to develop and fine tune their scanners and we the community thus gets a free analysis of the sources.
If you have a procedure with 10 parameters, you probably missed some.