Everipedia Logo
Everipedia is now IQ.wiki - Join the IQ Brainlist and our Discord for early access to editing on the new platform and to participate in the beta testing.
Linus's Law

Linus's Law

Linus's Law is a claim about software development, named in honor of Linus Torvalds and formulated by Eric S. Raymond in his essay and book The Cathedral and the Bazaar (1999).[1][2] The law states that "given enough eyeballs, all bugs are shallow"; or more formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of various types of reviewing process in finding bugs and security issues,[3] and also that code reviews may be more efficient than testing.

Validity

In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".[5][6]

Although detection of even deliberately inserted flaws[7][8] can be attributed to Raymond's claim, the persistence of the Heartbleed security bug in a critical piece of code for two years has been considered as a refutation of Raymond's dictum.[9][10][11][12] Larry Seltzer suspects that the availability of source code may cause some developers and researchers to perform less extensive tests than they would with closed source software, making it easier for bugs to remain.[12] In 2015, the Linux Foundation's executive director Jim Zemlin argued that the complexity of modern software has increased to such levels that specific resource allocation is desirable to improve its security. Regarding some of 2014's largest global open source software vulnerabilities, he says, "In these cases, the eyeballs weren't really looking".[11] Large scale experiments or peer-reviewed surveys to test how well the mantra holds in practice have not been performed.

See also

  • Crowdsourcing

  • List of eponymous laws

  • Software peer review

  • Wisdom of the crowd

References

[1]
Citation Linkwww.catb.orgRaymond, Eric S. "The Cathedral and the Bazaar". catb.org.
Sep 29, 2019, 5:47 PM
[2]
Citation Linkbooks.google.comRaymond, Eric S. (1999). The Cathedral and the Bazaar. O'Reilly Media. p. 30. ISBN 1-56592-724-9.
Sep 29, 2019, 5:47 PM
[3]
Citation Linkbooks.google.comPfleeger, Charles P.; Pfleeger, Shari Lawrence (2003). Security in Computing, 4th Ed. Prentice Hall PTR. pp. 154–157. ISBN 0-13-239077-9.
Sep 29, 2019, 5:47 PM
[4]
Citation Linkbooks.google.comGlass, Robert L. (2003). Facts and Fallacies of Software Engineering. Addison-Wesley. p. 174. ISBN 0-321-11742-5. ISBN 978-0321117427.
Sep 29, 2019, 5:47 PM
[5]
Citation Linkbooks.google.comHoward, Michael; LeBlanc, David (2003). Writing Secure Code, 2nd. Ed. Microsoft Press. pp. 44–45, 615. ISBN 0-7356-1722-8.
Sep 29, 2019, 5:47 PM
[6]
Citation Linkbooks.google.comHoward, Leblanc. p 726.
Sep 29, 2019, 5:47 PM
[7]
Citation Linklwn.net"An attempt to backdoor the kernel".
Sep 29, 2019, 5:47 PM
[8]
Citation Linkfreedom-to-tinker.com"The Linux Backdoor Attempt of 2003".
Sep 29, 2019, 5:47 PM
[9]
Citation Linkwww.datamation.comBruce Byfield, "Does Heartbleed Disprove 'Open Source is Safer'?", Datamation, April 14, 2014 [1]
Sep 29, 2019, 5:47 PM
[10]
Citation Linkdoi.orgEdward W. Felten, Joshua A. Kroll, "Heartbleed Shows Government Must Lead on Internet Security" = "Help Wanted on Internet Security", Scientific American 311:1 (June 17, 2014) [2] doi:10.1038/scientificamerican0714-14
Sep 29, 2019, 5:47 PM
[11]
Citation Linkwww.esecurityplanet.comKerner, Sean Michael (February 20, 2015). "Why All Linux (Security) Bugs Aren't Shallow". eSecurity Planet. Retrieved February 21, 2015.
Sep 29, 2019, 5:47 PM
[12]
Citation Linkwww.zdnet.com"Did open source matter for Heartbleed?".
Sep 29, 2019, 5:47 PM
[13]
Citation Linkweb.archive.orgBehind Linus's law: A preliminary analysis of open source software peer review practices in Mozi
Sep 29, 2019, 5:47 PM
[14]
Citation Linkieeexplore.ieee.orgInt. Conf. on Collaboration Technologies and Systems (CTS), Philadelphia, PA
Sep 29, 2019, 5:47 PM
[15]
Citation Link//doi.org/10.1109%2FCTS.2011.592867310.1109/CTS.2011.5928673
Sep 29, 2019, 5:47 PM
[16]
Citation Linkieeexplore.ieee.orgthe original
Sep 29, 2019, 5:47 PM
[26]
Citation Linkwww.scientificamerican.com[2]
Sep 29, 2019, 5:47 PM
[32]
Citation Linkdoi.org10.1109/CTS.2011.5928673
Sep 29, 2019, 5:47 PM
[34]
Citation Linken.wikipedia.orgThe original version of this page is from Wikipedia, you can edit the page right here on Everipedia.Text is available under the Creative Commons Attribution-ShareAlike License.Additional terms may apply.See everipedia.org/everipedia-termsfor further details.Images/media credited individually (click the icon for details).
Sep 29, 2019, 5:47 PM