Are All Bugs Shallow? Questioning Linus’s Law

February 15th, 2010 02:34 admin

root777 writes to point out a provocative blog piece by a Microsoft program manager, questioning one of the almost unquestioned tenets of open source development: that given enough eyeballs, all bugs are shallow. Are they? Shawn Hernan looks at DARPA’s Sardonix experiment and the Coverity static-analysis bug discovery program in open source projects to conclude that perhaps not enough eyeballs are in evidence. Is he wrong? Why? “Most members of the periphery [those outside the core developer group] do not have the necessary debugging skills … the vast numbers of ‘eyeballs’ apparently do not exist. … [C]ode review is hardly all that makes software more secure. Getting software right is very, very difficult. … Code review alone is not sufficient. Testing is not sufficient. Tools are not sufficient. Features are not sufficient. None of the things we do in isolation are sufficient. To get software truly correct, especially to get it secure, you have to address all phases of the software development lifecycle, and integrate security into the day-to-day activities.”

Source: Are All Bugs Shallow? Questioning Linus’s Law
