Rich Freeman on 24 May 2011 06:04:08 -0700



Re: [PLUG] Microsoft's Many Eyeballs?


On Mon, May 23, 2011 at 4:08 PM, Stephen Slaughter
<steve2slaughter@gmail.com> wrote:
> Is it true that open source code is reviewed by many fewer eyes than we
> might think?

Well, I am under no illusions that anybody who downloads the Linux
source tarball does a careful and thorough analysis of the code.  I
download it all the time to build it, and I know I don't do such an
analysis.

However, there are those out there who do.  They generally do not do
this with proprietary software unless somebody engages them and pays
them to do it.  Companies selling lots of shiny boxes of software
usually don't have incentive to spend money to get other people to
find bugs in their software - good enough to ship is good enough to
ship.

In my experience in a corporate world these kinds of things come in
cycles.  One year the buzzword is quality or whatever, and there is a
ton of money to spend on quality-oriented initiatives.  The next year
there is a different buzzword, and anything that was done to promote
quality becomes a point-in-time exercise, and things deteriorate until
it gets bad enough to warrant another quality blitz.

Also - quality matters a lot more than quantity.  In my experience the
kinds of developers contributing to FOSS tend to be a much higher
caliber than what you find in the typical megacorp.  That certainly
doesn't apply to anybody who writes FOSS code universally, but the
core of most serious projects tends to be a meritocracy.  That has its
downsides as well (many FOSS projects are not very customer-centric),
but the core team of most major FOSS projects tends to be VERY good at
scratching their own itches.

I think the main benefit of FOSS is that the code is there when I need
it.  If I have a problem I can go in and fix it.  If I don't know how
to fix it I probably can find somebody who does and convince them to
fix it for me (that might take money).  I can audit the code, or
convince somebody else to audit it for me.  The only thing I don't
have is somebody to sue, so due diligence is important.

With proprietary software you're basically at the mercy of the vendor.
You don't even have the choice to go it alone.  You do have somebody
to sue, which is why corporations that pay their lawyers more than
their programmers often go this route.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug