1999 claim by Eric S. Raymond about software development, named after Linus Torvalds

In software development, Linus's law is the assertion that "given enough eyeballs, all bugs are shallow". The law was formulated by Eric S. Raymond in his essay and book The Cathedral and the Bazaar (1999), and was named in honor of Linus Torvalds.

A more formal statement is: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of reviewing processes in finding bugs and security issues.

Validity

In Facts and Fallacies about Software Engineering, Robert Glass refers to the law as a "mantra" of the open source movement, but calls it a fallacy due to the lack of supporting evidence and because research has indicated that the rate at which additional bugs are uncovered does not scale linearly with the number of reviewers; rather, there is a small maximum number of useful reviewers, between two and four, and additional reviewers above this number uncover bugs at a much lower rate. While closed-source practitioners also promote stringent, independent code analysis during a software project's development, they focus on in-depth review by a few and not primarily the number of "eyeballs".

The persistence of the Heartbleed security bug in a critical piece of code for two years has been considered as a refutation of Raymond's dictum. Larry Seltzer suspects that the availability of source code may cause some developers and researchers to perform less extensive tests than they would with closed source software, making it easier for bugs to remain. In 2015, the Linux Foundation's executive director Jim Zemlin argued that the complexity of modern software has increased to such levels that specific resource allocation is desirable to improve its security. Regarding some of 2014's largest global open source software vulnerabilities, he says, "In these cases, the eyeballs weren't really looking". Large scale experiments or peer-reviewed surveys to test how well the mantra holds in practice have not been performed.

Empirical support of the validity of Linus's law was obtained by comparing popular and unpopular projects of the same organization. Popular projects are projects with the top 5% of GitHub stars (7,481 stars or more). Bug identification was measured using the corrective commit probability, the ratio of commits determined to be related to fixing bugs. The analysis showed that popular projects had a higher ratio of bug fixes (e.g., Google's popular projects had a 27% higher bug fix rate than Google's less popular projects). Since it is unlikely that Google lowered its code quality standards in more popular projects, this is an indication of increased bug detection efficiency in popular projects.

See also

Code audit
Crowdsourcing
List of eponymous laws
Software peer review
Wisdom of the crowd
XZ Utils backdoor

References

Raymond, Eric S. "The Cathedral and the Bazaar". catb.org.
Raymond, Eric S. (1999). The Cathedral and the Bazaar. O'Reilly Media. p. 30. ISBN 1-56592-724-9.
Pfleeger, Charles P.; Pfleeger, Shari Lawrence (2003). Security in Computing, 4th Ed. Prentice Hall PTR. pp. 154–157. ISBN 0-13-239077-9.
Glass, Robert L. (2003). Facts and Fallacies of Software Engineering. Addison-Wesley. p. 174. ISBN 0-321-11742-5. ISBN 978-0321117427.
Howard, Michael; LeBlanc, David (2003). Writing Secure Code, 2nd. Ed. Microsoft Press. pp. 44–45, 615, 726. ISBN 0-7356-1722-8.
Byfield, Bruce (April 14, 2014). "Does Heartbleed Disprove 'Open Source is Safer'?". Datamation.
Felten, Edward W.; Kroll, Joshua A. (2014). "Help Wanted on Internet Security". Scientific American. 311 (1): 14. Bibcode:2014SciAm.311a..14F. doi:10.1038/scientificamerican0714-14. PMID 24974688.
Kerner, Sean Michael (February 20, 2015). "Why All Linux (Security) Bugs Aren't Shallow". eSecurity Planet. Retrieved February 21, 2015.
Seltzer, Larry (April 14, 2014). "Did open source matter for Heartbleed?". ZDNet.
Arceneaux, Kevin; Gerber, Alan S.; Green, Donald P. (January 2006). "Comparing Experimental and Matching Methods Using a Large-Scale Voter Mobilization Experiment". Political Analysis. 14 (1): 37–62. doi:10.1093/pan/mpj001. ISSN 1047-1987.
Amit, Idan; Feitelson, Dror G. (2020). "The Corrective Commit Probability Code Quality Metric". arXiv:2007.10912.

Further reading

Jing Wang; J.M. Carroll (2011-05-27). Behind Linus's law: A preliminary analysis of open source software peer review practices in Mozi. Int. Conf. on Collaboration Technologies and Systems (CTS), Philadelphia, PA. IEEE Xplore Digital Library. pp. 117–124. doi:10.1109/CTS.2011.5928673.

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.