[kwlug-disc] given enough eyeballs, all bugs are shallow?
rarsa at yahoo.com
Wed Feb 17 13:05:18 EST 2010
I read with interest the whole article.
All the points are convincing taken at face value. Like in his syllogism example, the problem is the premises: "Enough eyeballs" = "Code review".
And then he goes on to dismiss the main counterargument:
"You might argue that the mere fact that Coverity can do this work is just another set of eyeballs. But I reject that argument entirely."
"The real beneficiaries of the subsidy are not Coverity (who is providing a fine service), but other companies whose business model is primarily about services and not software."
OK, those "other" beneficiaries are at least every American that depends on Homeland Security, which commissioned the work.
It is clear that code is complex, that a very limited number of people are qualified to find bugs by "looking at the code", and that FLOSS needs to do more to improve quality and security, but this is done project by project.
But it is also true that it is easier to have a third party run static analysis and for people to stress the software with dynamic analysis when you have access to the source.
Software, Hardware and Practices
An eclectic collection of random thoughts