Questioning the Reasoning about FLOSS Being More Secure

Slashdot links to an article asking whether Linus’s Law holds true of open source software. Eric Raymond coined the law, which states that given enough eyeballs, all bugs are shallow, arguing for the higher reliability and security of open source projects.

Even considering the source, a program manager from Microsoft, this sort of questioning of conventional wisdom is useful. Bear in mind that the Slashdot lead is a bit buried. The question is not whether Linus’s Law is valid but whether it is more generally true of open source software versus proprietary software.

I reject some of the premises the author advances. I don’t think salary is guaranteed to be a more powerful motivator for expert code review. In fact, I have seen first-hand where a secure position yields an utter lack of ownership, an absence of intellectual curiosity, and a “just enough and no more” attitude. There has also been quite a bit of research suggesting that money alone is not enough of an incentive to yield the passionate commitment required. In many cases, it can be a de-motivator. I won’t even get into my objections to proscriptive process alone.

Whether or not you agree with the conclusions, I think this exercise is worthwhile. It refines the way we think about the qualities of software and how we achieve or fail to achieve them. Even if we reject the arguments, the process of considering them may help suggest areas for improvement, regardless.
