[kwlug-disc] given enough eyeballs, all bugs are shallow?

Lori Paniak ldpaniak at fourpisolutions.com
Fri Jan 8 23:06:00 EST 2010


I would group the bug-squashing you describe as part of the code
development process in which the experts who write the code get a chance
to debug it.  This step should be the same for open or closed source
code.  Hopefully, 99%+ of bugs are filtered out at this level!

I guess I'm asking what is the advantage of an end-user with the source
code and valgrind over an end-user with a binary blob for the purposes
of identifying bugs?  Especially those related to security.

It seems that giving the masses access to code in development is a way
for FOSS projects to leverage the community advantage for improving code
quality.  Too bad many projects forgo this and just push out a tarball
every few months.

I look forward to your response to Rob's original question.

On Fri, 2010-01-08 at 19:34 -0800, Raul Suarez wrote:
> I'll write my thoughts to the original question in a subsequent reply, but I couldn't resist answering Lori.
> 
> --- On Fri, 1/8/10, Lori Paniak <ldpaniak at fourpisolutions.com> wrote:
> > I suspect that the vast majority of bugs in a piece of code
> > are found by end-users in the course of normal usage, not by people
> > reading source code (has anyone ever *discovered* a bug by reading the
> > source?).  If true, then there is no open source advantage for finding
> > bugs.  The advantage arrives when it is time to fix the bugs.
> 
> Having worked on software development for long enough, I can tell you that MOST of the bugs should be found during development.
> 
> Accessing the code allows you to do code walk-throughs, code static analysis, or profiling and debugging with access to the internal symbols.
> 
> Of course many more are found through testing. Here FLOSS also has an advantage when people can test the code repository versions, even at earlier stages of implementation.
> 
> Whether people are using that advantage can be argued. I just wanted to refute that most bugs are found by users. That's a terrifying thought.
> 
> Raul Suarez
> 
> Technology consultant
> Software, Hardware and Practices
> _________________
> http://rarsa.blogspot.com/ 
> An eclectic collection of random thoughts
