[kwlug-disc] given enough eyeballs, all bugs are shallow?

Chris Frey cdfrey at foursquare.net
Tue Feb 16 18:06:07 EST 2010


On Tue, Feb 16, 2010 at 02:35:15PM -0500, Khalid Baheyeldin wrote:
> Reviving this thread ...
> 
> Microsoft pitches in re: "given enough eyeballs, all bugs are shallow".
> http://blogs.msdn.com/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
> 
> Obviously, Microsoft has no love for that argument for known reasons ...

I think Shawn Herman is setting up a strawman argument, and then
defeating it with examples that actually support the many-eyeballs
theory.

He directs our focus in the code-review direction, and then says
that we don't know how much code review there really is, and then says
that code review is but one part of security.

Then he gives us the Coverity example.  An example made possible because
there are 11.5 billion lines of open source code out there for them to
work with.

Are these not eyeballs as well?

- Chris




More information about the kwlug-disc_kwlug.org mailing list