[kwlug-disc] given enough eyeballs, all bugs are shallow?

Fri Jan 8 12:01:22 EST 2010

To summarize the earlier arguments, it's not that FOSS is more secure, 
it is that the culture and environment in which or by which it is 
produced that makes it more secure. And, substantially, this occurs 
merely due to code (peer) review, not because it's FOSS. Part of 
Chris' point is that code review, wherever used, proprietary or not, 
is just as valuable.

So the culture of FOSS inherently brings value here. A culture that 
may or may not be present today in Windows, but most certainly wasn't 
at the beginning. And because so much code is reused, old Windows 
(DOS) code will have missed the inherent advantages of that culture 
and environment present from day one, in old FOSS code.

Further, that culture (e.g. 'code' repositories) has been present from 
day one (e.g. Linux OS development in the '80's, presumably) in 
everything, including documentation, with everybody looking at 
everything, in a collaborative manner. Including packaging - 
cooperating in harmony with the rest of the repositories. Securely, 
and in isolation with itself. (Likelihood of cross-package bugs / 
conflicts reduced?)

And, I'll bet, more software is available sooner in more languages 
than Windows, because these non-English eyeballs were able to see / 
review / contribute, let alone earlier in the process than just the 
internal development team.

And, the Linux environment itself, that up front you are not root, 
promotes and requires the awareness of security in a way that just 
isn't / wasn't present in Windows. Background services / tasks, for 
example. I'll bet the majority of Windows services in an enterprise 
run as root or equivalent, while the same in non-Windows is likely not 
true. The culture of creating individual service accounts, with just 
the permissions it needs, was present from day one. Or at least since 
'chroot' was written. Window's security obscurity and confusion makes 
it hard to isolate service accounts - when it was built in and more 
consistent followed from day one in non-Windows.

The key here, perhaps, is FOSS - internally developed non-FOSS 'Linux' 
code probably falls somewhere between the two extremes of proprietary 
developed Windows code, and public at large developed FOSS code.

If Netscape was available under Linux, perhaps it might be an 
interesting sample project - comparing the environment at the time it 
went belly up, to today, as Firefox.

Robert P. J. Day wrote, On 01/08/2010 5:35 AM:
> On Fri, 8 Jan 2010, Chris Frey wrote:
> 
>> On Fri, Jan 08, 2010 at 02:52:22AM -0500, Robert P. J. Day wrote:
>>>   any other thoughts?  i've always liked the idea of "given enough
>>> eyeballs, all bugs are shallow," but i don't think it can stand by
>>> itself.  i think the defense of OSS as being more secure needs
>>> more explicit points as to *why* it should be inherently more
>>> secure.
>> I think the maxim applies to both open and closed software.  The
>> main benefit that FLOSS has is that the eyeballs can see more of the
>> problem, and therefore it multiplies the usefulness of the work.
>>
>> But it works for closed source too.  There are untold hundreds of
>> blog posts and forum posts of poor end users figuring out
>> workarounds for their game systems or Microsoft Windows systems or
>> driver problems or virus issues.
>>
>> If you have a software problem, which platform would you rather use
>> your eyeballs on?  Open or Closed?
>>
>> But just because something is available doesn't mean it will be
>> looked at. Not everyone reads The Art of Computer Programming, but
>> most consider it a great work.  Same for FLOSS source code, in my
>> opinion.
> 
>   again, i agree with your points in general, but this sort of
> presentation still falls into the category of what i call "the warm
> fuzzies."  sure, it seems undeniable that OSS will be more secure, but
> i'm interested in some specific rationale for that.  and i think the
> arguments have to be made more precise.
> 
>   for instance, i think there's a difference in saying that OSS *is*
> automatically more secure versus claiming that it can more easily be
> *made* more secure.  even if one postulates that OSS is not inherently
> more secure by default, the argument could be made that, because of
> its internal visibility and the fact that bugs can be located and
> patches generated extremely quickly, OSS can be *made* more secure
> much more quickly than closed source software.  i think that argument
> stands on its own.
> 
>   that's the sort of thing i'm interested in -- arguments that go
> beyond the warm fuzzies and use precise and well-defined examples of
> *how* OSS is more secure.