Comments
Money for open source projects
rick merritt   5/1/2014 10:17:22 AM
Sounds like some folks with bigger bank accounts than I have agree with me and are ponying up dough to fund crucial open source projects.

See http://bits.blogs.nytimes.com/2014/04/24/companies-back-initiative-to-support-openssl-and-other-open-source-projects
Re: Open Source quality is demonstrably better
DVanditmars   4/30/2014 11:53:27 PM
One must not confuse quantity with quality...

The typical figure of merit is the number of eyeballs that 'review' the code, thus it has a higher quality.

Software (open or proprietary) will have bugs
Kishore.BA   4/25/2014 5:03:22 AM
It is not just open source developed with shoestring budgets but also well-paid software that can have bugs. While we are talking about SSL, it may be worthwhile to note Apple also had the ignominy of a serious security flaw.

http://www.zdnet.com/apples-goto-fail-tells-us-nothing-good-about-cupertinos-software-delivery-process-7000027449/

Anyone with a little C programming experience would know this is a pretty silly mistake, but it is shocking code to find included in premium products like Macs, iPhones, iPads.


Whether you take any open source code or develop your own, reviews, code analysis, and code coverage are a must. Most corporations using open source code don't review the code getting included.
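The Apple "goto fail" defect mentioned in this comment, as an added C re-creation that is not Apple's code: a simplified shape of the signature-check function with the duplicated `goto fail;`, next to the braced fix. `step()`, `verify()` and the `fail_at` parameter are constructed stand-ins for the real hashing and signature calls.

```c
#include <stdio.h>

/* Constructed re-creation of the control-flow shape behind CVE-2014-1266 ("goto fail").
   The real function hashed the ServerKeyExchange parameters in several steps and then
   verified the signature; one "goto fail;" line was accidentally duplicated. */
typedef int OSStatus;
enum { errSSLOk = 0, errSSLBadCert = -1 };

/* Stand-in for a hashing step; fail_at lets a caller inject an error at step n. */
static OSStatus step(int n, int fail_at) { return n == fail_at ? -1 : errSSLOk; }

/* Stand-in for the signature check: succeeds only when sig_valid is nonzero. */
static OSStatus verify(int sig_valid) { return sig_valid ? errSSLOk : errSSLBadCert; }

/* Vulnerable shape: the second "goto fail;" is not inside the if, so it runs
   unconditionally. err still holds 0 from the previous step, the remaining step
   and verify() are skipped, and the function reports success for any signature.
   An unreachable-code warning (e.g. clang -Wunreachable-code) flags the dead lines. */
OSStatus verify_vulnerable(int sig_valid, int fail_at) {
    OSStatus err;
    if ((err = step(1, fail_at)) != 0)
        goto fail;
    if ((err = step(2, fail_at)) != 0)
        goto fail;
        goto fail;   /* the duplicated line: indentation suggests it is conditional */
    if ((err = step(3, fail_at)) != 0)
        goto fail;
    err = verify(sig_valid);
fail:
    return err;
}

/* Fixed shape: braces on every conditional so a stray line cannot change control flow,
   and verify() is always reached on the success path. */
OSStatus verify_fixed(int sig_valid, int fail_at) {
    OSStatus err;
    if ((err = step(1, fail_at)) != 0) { goto fail; }
    if ((err = step(2, fail_at)) != 0) { goto fail; }
    if ((err = step(3, fail_at)) != 0) { goto fail; }
    err = verify(sig_valid);
fail:
    return err;
}

int main(void) {
    /* An invalid signature passes the vulnerable version and is rejected by the fix. */
    printf("vulnerable: %d  fixed: %d\n", verify_vulnerable(0, 0), verify_fixed(0, 0));
    return 0;
}
```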
Re: Open Source quality is demonstrably better
TanjB   4/23/2014 11:48:49 AM
Coverity covers some OSS code vs. some Enterprise code (according to the report).

Clearly Coverity did not cover the OpenSSL code.  Read the LibreSSL change log, it was a horror show of bad code.

I work for MS, and have on occasion written code for the OS.  Just over 10 years ago Windows went through a massive and painful reset, where for the best part of a year the main activity was simply cleaning up the code base.  Now, this was not just inspecting it and adding some comments (though that basic stuff happened).  They built program verification tools in MS Research (you can look up the publications, Coverity probably learned from MSR who started on those tools in the 90s) and the coding standards included stringent annotations to enhance the capability of the automatic checking.  The sort of mistake that LibreSSL is grumbling about simply can't be checked in to the source tree.

Now, I'm not claiming there are no bugs.  Millions of lines of code are a complexity which cannot be made perfect by humans, even with the aid of verification tools.  There are modes of failure discovered which the tools do not yet check for.  But there are commercial vendors who take this stuff very seriously, and have long ago built the tools and practices to avoid simple problems like buffer overruns or reading out of bounds, and many other risk factors.

OSS code has its advantages.  We use it, and we contribute to it.  But, inspection by human eyes is not all you need, and tools like Coverity are limited unless you are willing to strictly change your coding practices to improve automated reasoning and coverage.  If you really want to build secure and critical code, deep investment in the practice and the tooling is a good idea.

I am not speaking for my employer here, just adding some perspective to this discussion about the nature of modern software engineering on proprietary software.  I assume that many of our competitors have similar practice on critical code.

Re: Open Source quality is demonstrably better
stvw   4/23/2014 9:25:29 AM
Go to Google and search for "Open source software quality" without the quotes.

Pick off the first article in the search referencing Coverity.

I'm loath to post a link to a competitor of EE Times directly on their pages. Just doesn't seem fair.

Coverity has been doing on-going research into OSS quality for quite a while and their numbers match my personal experience in the industry. I've been a Linux user since nearly day 1 (Version 0.12) and have seen it grow into the true de facto Internet OS. This occurred through natural selection processes as much as anything.  The original "Cathedral and Bazaar" article explained it best in my mind.  Proprietary software is at a huge disadvantage because typically the people working on it simply do it for the love of it!

The one OSS project I've been personally affiliated with (Icarus Verilog) has been ongoing for something like 14 years.  The handful of people that contribute to Icarus have been doing this with very little in the area of financial reward, but often because it solves their personal problems. They give a damn. So the results are merely borne out by the stats.

Steve

Re: No different than the cost of 'NOT-Free'
rob18767   4/23/2014 8:57:46 AM
Toyota being an obvious candidate.

OpenSSL & GPL
Andre.C   4/22/2014 10:51:18 PM
GPL = Software Darwinism, this is a good thing.

Re: Open Source quality is demonstrably better
rick merritt   4/22/2014 8:58:02 PM
@Steve Wilson: Great stats. Do you have the link to the article?

Re: Open Source Software is actually quite expensive.
rick merritt   4/22/2014 8:54:51 PM
@Andrew: Great example with Python v3! I'd love to hear Guido or others on the project tell their stories of lessons learned.

Re: OpenSSL testing
Roba66   4/22/2014 8:52:02 PM
The corporate user is responsible for keeping the information safe, so it is his responsibility to test. However, this is no different if the software is proprietary, unless the vendor indemnifies the corporate user (not likely).
