"Publication - is the Auction Of the Mind of Man" Emily Dickinson
Wednesday, 30 June 2004

One of the recently discovered Internet Explorer bugs allows malicious sites to install key stroke recording code on your system. This certainly has got a lot of press and deservedly so because of the widespread presence of IE as a browser.

Every time this happens I wonder, does open source produce more secure code? Do “more eyeballs” reviewing the code produce better code? Looking over the list of vulnerabilities on the US-Cert Issues Advisory list makes me doubt that this is true.

Based on my experience, too many reviewers often make for poorer reviews. Remember the last time you had to sign off on a document with a long list of reviewers? The early reviewers glance at the document knowing more reviewers will look at it later. The later reviewers assume the early reviewers did most of the work already. The result is a lackadaisical, poor job of reviewing. You cannot tell me that the open source community is immune from the natural tendencies of human nature.

Approval by committee is no different than design by committee. Just because the committee is larger does not automatically make the review better.

Wednesday, 30 June 2004 10:14:21 (Eastern Daylight Time, UTC-04:00) | Comments [0] | All | Software Development#
Admin Login
Sign In
Pick a theme: