Sie sind auf Seite 1von 2

Linus's Law

Linus's Law is a claim about software development, named in honor of Linus Torvalds and formulated by Eric S. Raymond in his
essay and book The Cathedral and the Bazaar(1999).[1][2] The law states that "given enough eyeballs, allbugs are shallow"; or more
formally: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix
obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a
simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of various types of
[3] and also that code reviews may be more efficient than testing.
reviewing process in finding bugs and security issues,

Contents
Validity
See also
References
Further reading

Validity
In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but
calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are
uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers,
between two and four, and additional reviewers above this number uncover bugs at a much lower rate.[4] While closed-source
practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth
[5][6]
review by a few and not primarily the number of "eyeballs".

Although detection of even deliberately inserted flaws[7][8] can be attributed to Raymond's claim, the persistence of the Heartbleed
security bug in a critical piece of code for two years has been considered as a refutation of Raymond's dictum.[9][10][11][12] Larry
Seltzer suspects that the availability of source code may cause some developers and researchers to perform less extensive tests than
they would with closed source software, making it easier for bugs to remain.[12] In 2015, the Linux Foundation's executive director
Jim Zemlin argued that the complexity of modern software has increased to such levels that specific resource allocation is desirable
to improve its security. Regarding some of 2014's largest global open source software vulnerabilities, he says, "In these cases, the
eyeballs weren't really looking".[11] Large scale experiments or peer-reviewed surveys to test how well the mantra holds in practice
have not been performed.

See also
Crowdsourcing
List of eponymous laws
Software peer review
Wisdom of the crowd

References
1. Raymond, Eric S. "The Cathedral and the Bazaar"(http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-baz
aar/ar01s04.html). catb.org.
2. Raymond, Eric S. (1999).The Cathedral and the Bazaar(https://books.google.com/books?id=F6qgFtLwpJgC&pg=P
A30#v=onepage&f=false). O'Reilly Media. p. 30. ISBN 1-56592-724-9.
3. Pfleeger, Charles P.; Pfleeger, Shari Lawrence (2003).Security in Computing, 4th Ed(https://books.google.com/book
s?id=O3VB-zspJo4C&pg=PA154#v=onepage&f=false). Prentice Hall PTR. pp. 154–157. ISBN 0-13-239077-9.
4. Glass, Robert L. (2003).Facts and Fallacies of Software Engineering(https://books.google.com/books?id=3Ntz-UJz
ZN0C&pg=PA174#v=onepage&f=false). Addison-Wesley. p. 174. ISBN 0-321-11742-5. ISBN 978-0321117427.
5. Howard, Michael; LeBlanc, David (2003).Writing Secure Code, 2nd. Ed(https://books.google.com/books?ei=1jA
VTY
K1CI7EsAPilv3GAg&ct=result&id=Uafp7m2wPcMC&dq=W riting+Secure+Code&q=review#search_anchor) .
Microsoft Press. pp. 44–45, 615. ISBN 0-7356-1722-8.
6. Howard, Leblanc. p 726 (https://books.google.com/books?ei=1jA
VTYK1CI7EsAPilv3GAg&ct=result&id=Uafp7m2wP
cMC&dq=Writing+Secure+Code&q=religious#search_anchor).
7. "An attempt to backdoor the kernel"(https://lwn.net/Articles/57135/).
8. "The Linux Backdoor Attempt of 2003"(https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-200
3/).
9. Bruce Byfield, "Does Heartbleed Disprove 'Open Source is Safer'?",Datamation, April 14, 2014 [1] (http://www.data
mation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html)
10. Edward W. Felten, Joshua A. Kroll, "Heartbleed Shows Government Must Lead on Internet Security" = "Help W anted
on Internet Security", Scientific American 311:1 (June 17, 2014) [2] (http://www.scientificamerican.com/article/heartbl
eed-shows-government-must-lead-on-internet-security1/)doi:10.1038/scientificamerican0714-14(https://doi.org/10.1
038%2Fscientificamerican0714-14)
11. Kerner, Sean Michael (February 20, 2015)."Why All Linux (Security) Bugs Aren't Shallow"(http://www.esecurityplan
et.com/open-source-security/why-all-linux-security-bugs-arent-shallow
.html). eSecurity Planet. Retrieved
February 21, 2015.
12. "Did open source matter for Heartbleed?"(http://www.zdnet.com/article/did-open-source-matter-for-heartbleed/).

Further reading
Jing Wang; J.M. Carroll (2011-05-27).Behind Linus's law: A preliminary analysis of open source software peer
review practices in Mozi(PDF). Int. Conf. on Collaboration Technologies and Systems (CTS), Philadelphia, PA .
IEEE Xplore Digital Library. pp. 117–124. doi:10.1109/CTS.2011.5928673. Archived from the original (PDF) on
2012-09-17. Retrieved 2014-08-11.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Linus%27s_Law&oldid=875114029


"

This page was last edited on 23 December 2018, at 22:30(UTC).

Text is available under theCreative Commons Attribution-ShareAlike License ; additional terms may apply. By using this
site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of theWikimedia
Foundation, Inc., a non-profit organization.

Das könnte Ihnen auch gefallen