[kwlug-disc] given enough eyeballs, all bugs are shallow?
ldpaniak at fourpisolutions.com
Fri Jan 8 23:06:00 EST 2010
I would group the bug-squashing you describe as part of the code
development process in which the experts who write the code get a chance
to debug it. This step should be the same for open or closed source
code. Hopefully, 99%+ of bugs are filtered out at this level!
I guess I'm asking what is the advantage of an end-user with the source
code and valgrind over an end-user with a binary blob for the purposes
of identifying bugs? Especially those related to security.
It seems that giving the masses access to code in development is a way
for FOSS projects to leverage the community advantage for improving code
quality. Too bad many projects forgo this and just push out a tarball
every few months.
I look forward to your response to Rob's original question.
On Fri, 2010-01-08 at 19:34 -0800, Raul Suarez wrote:
> I'll write my thoughts to the original question in a subsequent reply, but I couldn't resist answering Lori.
> --- On Fri, 1/8/10, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> > I suspect that the vast majority of bugs in a piece of code
> > are found by end-users in the course of normal usage, not by people
> > reading source code (has anyone ever *discovered* a bug by reading the
> > source?). If true, then there is no open source advantage for finding
> > bugs. The advantage arrives when it is time to fix the bugs.
> Having worked on software development for long enough I can tell you that MOST of the bugs should be found during development.
> Accessing the code allows you to do code walk through, code static analysis or profiling and debugging with access to the internal symbols.
> Of course many more are found through testing. Here FLOSS also has an advantage when people can test the code repository versions, even at earlier stages of implementation.
> Whether people are using that advantage can be argued. I just wanted to refute that most bugs are found by users. That's a terrifying thought.
> Raul Suarez
> Technology consultant
> Software, Hardware and Practices
> An eclectic collection of random thoughts
> The new Internet Explorer® 8 - Faster, safer, easier. Optimized for Yahoo! Get it Now for Free! at http://downloads.yahoo.com/ca/internetexplorer/
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part
More information about the kwlug-disc_kwlug.org