12/19/04: Evidence of Open Source Effectiveness

Enterprise Unix Roundup: Linus' Law in Effect By Michael Hall -- "Given enough eyeballs, all bugs are shallow," goes the open source verity popularly known as "Linus' Law." The thrust of Linus' Law is less about security than it is the general process of assuring quality in software, but it certainly resonates with a general current of thought among open source advocates, which is that having source code available for review and audit helps ensure potentially dangerous bugs are more easily neutralized.

The effects of source code that is freely available will always be a topic of heated discussion. On one hand, the closed source guys say that open source gives blackhats the opportunity to find bugs and vulnerabilities more easily; on the other hand, the open source guys say that it gives the whitehats the opportunity to fix potential bugs and vulnerabilities before they are exploited. There is, however, another side of the argument on behalf of open source. I read this somewhere a few months ago and I don't remember where, but it went something like this: the benefit of open source has less to do with finding bugs more easily than it does with writing fewer bugs in the beginning. You see, if you are writing a piece of software that you know will be available to the whole world in source code, then you are much more likely to code accordingly, i.e. cleaner, simpler, and generally less buggy because of the extra care taken. I tend to agree with this more than the more popular argument.


