Functionally, Open Source has an unlimited budget.
Open Source promoters rave about the legion of programmers that stands poised to squash any bug that emerges, the other legion diligently adding features and functionality that the suits would never allow in a corporate-run development, and yet another legion that will repair any security breach discovered. It would appear that there is a bottomless pit of development resources for any Open Source project.
But despite this, Open Source projects are plagued with bugs and security failures. Boosterism on the part of the Open Source believers and antipathy (the contempt and aversion variety) on the part of Open Source skeptics have resulted in these defects receiving little coverage.
So let me refresh your memory with a few salient recent developments. In a head-to-head security test of the LAMP (Linux, Apache, MySQL, PHP) stack versus the Microsoft stack, the LAMP stack was breached first. Linus Torvalds has been quoted as saying, "Even by the most *stringent* reasonable rules, we add a new bug every four days." Linus is pleading for us to look past the bugs because of all the features they are adding. What he and other Open Projects are lacking is resources devoted to QA. But even if they had adequate QA, there is an additional lack: developers working for free have little desire to fix bugs. They would much rather implement some bright shiny object.
This lack has, on the one hand, caused Linus to threaten to halt all new development on the kernel so that the bugs must be fixed. And in the rest of the community we have seen numerous experiments in Clopening the software. (Clopen is a term borrowed from the mathematicians: in math it is possible for things like sets to be both closed and open, and when this happens they joke that the set is clopen.) The idea behind Clopening the software is that this will give the projects resources to get a handle on Architecture and QA, as well as a means of providing the maintenance to fix those bugs no one wants to work on. Often the Clopen occurs by offering privileged access to those who pay a premium. The software projects are surprised to learn that there are few takers and that, in return for the small amount of revenue, those takers want quite a bit of control.
Which leaves one to conclude that Open Source's Infinite Budget does not come from the community. In Part 2, Your Company, we will find the ugly truth.