Indeed, "Given enough eyeballs, all bugs are shallow.".
In this specific case there are rumors that there we probably only 4 eyeballs involved, which apparently was not enough
Whatever said and done, there is big responsibility with the various Enterprise distributions and various hardware/software vendors that relied on OpenSSL for their business without doing their due diligence. Whether it was because they all expected the other to have covered that space, or because the particular source code is not easy to audit is less relevant. And I am sure that many companies are looking what can be done to improve their processes in this space.
I expect in the coming months to see more fixes for new vulnerabilities because of new audits and security testing.