Section 4.1. Many Eyes
Although it's still often used as an argument, it seems quite clear to me that the "many eyes" argument,[15] when applied to security, is not true. It is worth remembering what was originally said: "Many eyes make all bugs shallow" (Eric S. Raymond). I believe this is actually true, if read in the right context. Once you have found a bug, many eyes will, and indeed do, make fixing it quick and easy.

[15] The argument is that if enough people look at the code, bugs (and hence security issues) will be found before they bite you.

Security vulnerabilities are no different in this respect: once they are found, they are generally easy to track down and fix (the Apache chunked encoding vulnerability was the hardest I've ever had to track, and even that took only one long day's work). But vulnerabilities aren't like bugs in that sense, at least not until they are discovered. Once you find them, you have a recipe for making the software behave unexpectedly. Until that time, what do you have? A piece of software that does what you expect.

The idea that bugs and security vulnerabilities are really the same thing is quite wrong, and it's an idea that I suspect has been perpetrated by the reliability community,[16] sensing a new source of funding. Software is reliable if it does what is expected when operated as expected. It is secure if it does what is expected under all circumstances. This is a very critical difference, indeed. Nonsecurity bugs have a significant qualitative difference from security bugs: people don't go out of their way to find bizarre things to do to make the software go wrong just for the fun of it. And if they do, and it's not a security hole...well, yes, that's interesting, and we'll fix it one day but, in the meantime, you didn't need that functionality, so just stop poking yourself in the eye and it will stop hurting.

[16] Academics who study the reliability, as opposed to the security, of computer systems.

What has happened is that advocates of open source have taken the "many eyes" argument to mean that because the source is available, many people will examine it for weaknesses. This simply isn't true: most people never look at the source at all (until it doesn't work), and even if they do, most do not have the experience to find the problems. The argument simply does not hold water, and it's time we, as a community, abandon it.

However, there is an important sense in which the "many eyes" theory holds a grain of truth: those who want to look at the source to check for vulnerabilities can. The interesting question is whether those who want to look at the code are generally the good guys or the bad guys. But this is a question I will come to later, when I compare open and closed source.

Open Sources 2.0: The Continuing Evolution
ISBN: 0596008023
Year: 2004