The reason why is a familiar refrain: more eyeballs mean more secure code.
BSD is Dying? (Score:5, Funny)
I won't believe it until Netcraft confirms it!
"more eyeballs mean more secure code"?! (Score:5, Insightful)
After Heartbleed and the other issues affecting OpenSSL, and Shellshock affecting bash, why the hell would anyone still be pushing this disproven "more eyeballs" narrative?!
The OpenBSD project proves that security doesn't come from "more eyeballs". It comes from having software developers who know what they're doing, and who take their work very seriously, and who show immense discipline, and who don't put up with bullshit, and who pu
Re: (Score:1)
Code quality doesn't come from the quantity of people looking at it. Code quality comes from the quality of the people working on it.
"he easily found around 115 kernel bugs across the three BSDs, including 30 for FreeBSD, 25 for OpenBSD, and 60 for NetBSD. Many of these bugs he called "low-hanging fruit." He promptly reported all the bugs, but six months later, at the time of his talk, many remained unpatched."
This does not speak highly of the quality of the people working on the code.
Re: (Score:2)
It's not the quality of people but perhaps how much they are being paid. The difference between Linux and the BSDs is that there are many more paid developers working on the Linux kernel than the BSDs.
Everybody has to find a way to put groceries on the table.
Re:"more eyeballs mean more secure code"?! (Score:3)
I am fine on groceries. I want code that is reliable and secure. I will continue using OpenBSD - but not as my dinner.