Sciweavers

CCS
2009
ACM

Secure open source collaboration: an empirical study of linus' law

14 years 7 months ago
Secure open source collaboration: an empirical study of linus' law
Open source software is often considered to be secure. One factor in this confidence in the security of open source software lies in leveraging large developer communities to find vulnerabilities in the code. Eric Raymond declares Linus’ Law “Given enough eyeballs, all bugs are shallow.” Does Linus’ Law hold up ad infinitum? Or, can the multitude of developers become “too many cooks in the kitchen”, causing the system’s security to suffer as a result? In this study, we examine the security of an open source project in the context of developer collaboration. By analyzing version control logs, we quantified notions of Linus’ Law as well as the “too many cooks in the kitchen” viewpoint into developer activity metrics. We performed an empirical case study by examining correlations between the known security vulnerabilities in the open source Red Hat Enterprise Linux 4 kernel and developer activity metrics. Files developed by otherwiseindependent developer groups were m...
Andrew Meneely, Laurie A. Williams
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where CCS
Authors Andrew Meneely, Laurie A. Williams
Comments (0)