SecurityFocus.com: Falling Apart at the Seams [Security and Open Source]

“…Raymond’s formulation of Linus’s Law in his classic open
source polemic The Cathedral and the Bazaar, that “Given enough
eyeballs, all bugs are shallow,” hints at the solution. Raymond
also suggests that open source software need not fall prey to
Brooks’ Law, the belief that (in Raymond’s words) “the complexity
and communication costs of a project rise with the square of the
number of developers, while work done only rises linearly.” Raymond
invokes Gerald Weinberg when adding, “in shops where developers are
not territorial about their code, and encourage other people to
look for bugs and potential improvements in it, improvement happens
dramatically faster than elsewhere.”

“Just as adding programmers to a project makes it later, so does
it further divide both the understanding of the code base among the
developers and the number of pieces out of which the program is
built. In the open source world, the ability to reuse existing code
and the freedom to examine and learn any piece of it increases the
number of people who have the ability to check the joints between
the components in terms of both the underlying knowledge of the
system and the freedom to examine the code for flaws.”

Because these inter-component security flaws differ so
substantially from more traditional holes, a different sort of
programmer is likely to find them. Open source lets the widest
variety of coders search the source for the kinds of flaws they know
best. This can only improve security.
