SecurityFocus.com: Falling Apart at the Seams [Security and Open Source] (Sep 05, 2000, 12:45)
(Other stories by Kathleen Ellis, Jon Lasser)
"...Raymond's formulation of Linus's Law in his classic open source polemic The Cathedral and the Bazaar, that "Given enough eyeballs, all bugs are shallow," hints at the solution. Raymond also suggests that open source software need not fall prey to Brooks' Law, the belief that (in Raymond's words) "the complexity and communication costs of a project rise with the square of the number of developers, while work done only rises linearly." Raymond invokes Gerald Weinberg when adding, "in shops where developers are not territorial about their code, and encourage other people to look for bugs and potential improvements in it, improvement happens dramatically faster than elsewhere."
"Just as adding programmers to a project makes it later, so does it further divide both the understanding of the code base among the developers and the number of pieces out of which the program is built. In the open source world, the ability to reuse existing code and the freedom to examine and learn any piece of it increases the number of people who have the ability to check the joints between the components in terms of both the underlying knowledge of the system and the freedom to examine the code for flaws."
"Because the new inter-component security flaws differ so substantially from more traditional holes, a different sort of programmer is likely to find them. Open source allows the widest variety of coders to search the source for the flaws that they know best. This can only improve security."