{"id":28030,"date":"2014-09-30T08:13:38","date_gmt":"2014-09-30T12:13:38","guid":{"rendered":"http:\/\/quotulatiousness.ca\/blog\/?p=28030"},"modified":"2014-09-30T08:13:38","modified_gmt":"2014-09-30T12:13:38","slug":"these-bugs-were-found-and-were-findable-because-of-open-source-scrutiny","status":"publish","type":"post","link":"https:\/\/quotulatiousness.ca\/blog\/2014\/09\/30\/these-bugs-were-found-and-were-findable-because-of-open-source-scrutiny\/","title":{"rendered":"&#8220;These bugs were found \u2013 and were findable \u2013 because of open-source scrutiny&#8221;"},"content":{"rendered":"<p><a href=\"http:\/\/esr.ibiblio.org\/?p=6302\" target=\"_blank\">ESR<\/a> talks about the visibility problem in software bugs:<\/p>\n<blockquote><p>The first thing to notice here is that these bugs were found \u2013 and were findable \u2013 because of open-source scrutiny.<\/p>\n<p>There\u2019s a \u201cthings seen versus things unseen\u201d fallacy here that gives bugs like Heartbleed and Shellshock false prominence. We don\u2019t know \u2013 and can\u2019t know \u2013 how many far worse exploits lurk in proprietary code known only to crackers or the NSA.<\/p>\n<p>What we can project based on other measures of differential defect rates suggests that, however imperfect \u201cmany eyeballs\u201d scrutiny is, \u201cfew eyeballs\u201d or \u201cno eyeballs\u201d is far worse.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>ESR talks about the visibility problem in software bugs: The first thing to notice here is that these bugs were found \u2013 and were findable \u2013 because of open-source scrutiny. There\u2019s a \u201cthings seen versus things unseen\u201d fallacy here that gives bugs like Heartbleed and Shellshock false prominence. We don\u2019t know \u2013 and can\u2019t know [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[129,93,334,92],"class_list":["post-28030","post","type-post","status-publish","format-standard","hentry","category-technology","tag-hack","tag-opensource","tag-security","tag-software"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p2hpV6-7i6","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/28030","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/comments?post=28030"}],"version-history":[{"count":1,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/28030\/revisions"}],"predecessor-version":[{"id":28031,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/posts\/28030\/revisions\/28031"}],"wp:attachment":[{"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/media?parent=28030"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/categories?post=28030"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/quotulatiousness.ca\/blog\/wp-json\/wp\/v2\/tags?post=28030"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}