Linus's law: Difference between revisions

There are two statements named Linus's Law: one by Eric S. Raymond concerning software bug detection by a community, and the other by Linus Torvalds about the motivations of programmers.

By Eric Raymond

Linus's Law as described by Raymond is a claim about software development, named in honor of Linus Torvalds and formulated by Raymond in his essay and book "The Cathedral and the Bazaar" (1999).^[1][2] The law states that "given enough eyeballs, all bugs are shallow"; or more formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of various types of reviewing process in finding bugs and security issues,^[3] and also that reviews may be more efficient than testing. It has been suggested that the availability of source code may cause developers and researches to not perform the same extensive tests they give to closed source software, making it easier for bugs to get through.^[4]

In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate.^[5] While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".^[6][7]

Although the law has proven its worth in detecting even deliberately-inserted flaws,^[8][9] the persistence of the Heartbleed security bug in a critical piece of code for two years has been considered as a refutation of Raymond's dictum.^[10][11]

By Linus Torvalds

In the book The Hacker Ethic and the Spirit of the Information Age (2001), Torvalds introduces his law in the prologue "What Makes Hackers Tick? a.k.a. Linus's Law", suggesting that every motivation that makes a person do something can be classified under "survival", "social life" or "entertainment".^[12] As a result, he writes, progress is defined as reaching a higher category; that is, not doing a thing merely for survival, but for social reasons, and then, even better, just for fun. This is essentially a trivial restating of Maslow's hierarchy of needs from 1943.

Modern remarks

The complexity of software has increased into such levels that it has been pointed out that in practice proper funding is needed to manage bugs in modern software.^[13] The resources of volunteer hackers do not suffice alone anymore, but they still continue to provide great additional value in the ecosystem.

See also

• Collaborative software development model
• Crowdsourcing
• List of eponymous laws
• Maslow's hierarchy of needs
• Software peer review
• Wisdom of the crowd

References

1. Raymond, Eric S. "The Cathedral and the Bazaar". catb.org.
2. Raymond, Eric S. (1999). The Cathedral and the Bazaar. O'Reilly Media. p. 30. ISBN 1-56592-724-9.
3. Pfleeger, Charles P.; Pfleeger, Shari Lawrence (2003). Security in Computing, 4th Ed. Prentice Hall PTR. pp. 154–157. ISBN 0-13-239077-9.
4. "Did open source matter for Heartbleed?".
5. Glass, Robert L. (2003). Facts and Fallacies of Software Engineering. Addison-Wesley. p. 174. ISBN 0-321-11742-5. ISBN 978-0321117427.
6. Howard, Michael; LeBlanc, David (2003). Writing Secure Code, 2nd. Ed. Microsoft Press. pp. 44–45, 615. ISBN 0-7356-1722-8.
7. Howard, Leblanc. p 726.
8. "An attempt to backdoor the kernel".
9. "The Linux Backdoor Attempt of 2003".
10. Bruce Byfield, "Does Heartbleed Disprove 'Open Source is Safer'?", Datamation, April 14, 2014 [1]
11. Edward W. Felten, Joshua A. Kroll, "Heartbleed Shows Government Must Lead on Internet Security" = "Help Wanted on Internet Security", Scientific American 311:1 (June 17, 2014) [2] doi:10.1038/scientificamerican0714-14
12. Himanen, Pekka; Torvalds, Linus; Castells, Manuel (2001). The Hacker Ethic. Random House. p. xiv. ISBN 0-375-50566-0.
13. eSecurity Planet - Why All Linux (Security) Bugs Aren't Shallow

Further reading

• Jing Wang; J.M. Carroll (2011-05-27). Behind Linus's law: A preliminary analysis of open source software peer review practices in Mozi. Int. Conf. on Collaboration Technologies and Systems (CTS), Philadelphia, PA . IEEE Xplore Digital Library. pp. 117–124. doi:10.1109/CTS.2011.5928673. Archived from the original (PDF) on 2012-09-17. Retrieved 2014-08-11. {{cite conference}}: External link in |conferenceurl= (help); Unknown parameter |conferenceurl= ignored (|conference-url= suggested) (help); Unknown parameter |deadurl= ignored (|url-status= suggested) (help)