Linux Foundation: Bugs Can Be Made Shallow With Proper Funding

jones_supa writes The record amount of security challenges in 2014 undermined the confidence many had in high quality of open source software. Jim Zemlin, executive director of the Linux Foundation, addressed the issue head-on during last week's Linux Collaboration Summit. Zemlin quoted the oft-repeated Linus' law, which states that given enough eyes, all bugs are shallow. "In these cases the eyeballs weren't really looking", Zemlin said. "Modern software security is hard because modern software is very complex," he continued. Such complexity requires dedicated engineers, and thus the solution is to fund projects that need help. To date, the foundation's Core Infrastructure Initiative has helped out the NTP, OpenSSL and GnuPG projects, with more likely to come. The second key initiative is the Core Infrastructure Census, which aims to find the next Heartbleed before it occurs. The census is looking to find underfunded projects and those that may not have enough eyeballs looking at the code today."

Re:Linux was better when there was little funding.

[phantomfive]

Yet we have corporate interests and corporate-funded developers forcing it on us, even forcing it into community-oriented distros like Debian.

Debian adopted systemd for reasons outlined here. It wasn't a conspiracy. Poettering knew that distros are crucial to the adoption of systemD, so he's made things as easy as possible for them, and given them features they wanted. Essentially systemd makes it easier to write an init script, and since Debian writes a lot of them, they liked that.

Of course, Poettering has been less responsive to other parties (like the kernel devs), but that's another topic.

Re:Whose Eyes?

[Your.Master]

Torvald's didn't say the "many eyes" thing at all. Eric S. Raymond did.