[kwlug-disc] given enough eyeballs, all bugs are shallow?

john at netdirect.ca john at netdirect.ca
Tue Feb 16 15:17:21 EST 2010

kwlug-disc-bounces at kwlug.org wrote on 02/16/2010 02:35:15 PM:
> Reviving this thread ...
> Microsoft pitches in re: "given enough eyeballs, all bugs are shallow".
> http://blogs.msdn.com/shawnhernan/archive/2010/02/13/microsoft-s-many-eyeballs-and-the-security-development-lifecycle.aspx
> Obviously, Microsoft has no love for that argument for known reasons ...
> And the Slashdot discussion
> http://tech.slashdot.org/story/10/02/16/0151226/Are-All-Bugs-Shallow-Questioning-Linuss-Law

I think Shawn Hernan makes some good points, but his conclusions are 
faulty. This is typical of Microsoft rhetoric: make compelling, plausible 
points, aim the reader in a direction, and hit them with a faulty or 
incomplete solution. In fact, it's just all-round good rhetoric; I bet MS 
patented it.

How many authors have submitted patches to the Linux kernel? I bet that 
number is high. Even more may have submitted patch ideas or identified 
faulty code to kernel developers. These are all invisible "eyes" that make 
developers much more efficient than those that had to hunt for bugs 
themselves. Hunting is usually the time-consuming part.

And open source developers aren't paid? What!! I read something recently 
that said that over 80% are paid contributors. These paid developers can 
leverage the huge advantage of extra eyeballs to make them more efficient.

I think that we will always find software projects, maybe even whole 
categories of open source, that pale in comparison to their proprietary 
competitors. Proprietary software is good when there is a niche but 
lucrative market. This is also the area where open source often takes much 
longer to take root. As a result, I think it is easy for Microsoft to pick a 
niche product in open source, compare it to a big money maker in 
proprietary software, and win. I don't doubt that, and I bet they use those 
examples in their research.

I think another thing that applies is that open source has more heads, and 
more heads are better than one. The deep discussion on salient points of 
reasonably popular projects has got to out-perform the proprietary equivalent.

I always like to turn to Netscape Navigator as an example. When Sun 
open-sourced the code, it took two years for the community (and foundation) to 
clean the code up enough to create a release. I don't think this was 
cleansing proprietary code; it was cleansing the fast and loose programming 
that is natural in a lot of proprietary code.

John Van Ostrand
Net Direct Inc.
564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john at netdirect.ca
Ph: 866-883-1172
Linux Solutions / IBM Hardware
Fx: 519-883-8533
