Open Source Code Quality – Security – Spat
I’ll admit to laughing out loud reading this article on the BCS website on the supposed lack of security, accountability and management in Open Source projects. To be honest, I laughed at the utter ridiculousness of the article’s premise, one which I would like to think the thinking world moved on from a long time ago.
The first responder then proceeded to take the article to pieces line-by-line, which was even funnier. Or would be, if it weren’t putting the BCS editorial process in a really, really bad light. The response was edited by mods but a full version is available here.
I’ll make a note that hasn’t yet been raised in the debate. In the original article…
Alternatively open source applications can be updated via the community as developers release updates free-of-charge for the good of the open source users. However, there are no guarantees that the patch will be written and released at all, let alone the quality of the patch, as there is no overriding responsibility to provide a service level of any kind.
… demonstrates a fundamental lack of understanding of Open Source Software. The core of any OSS project is a single logical entity. That entity may be a number of people in a number of geographic locations, but it is nonetheless a single entity – through which contributions to the project are delivered – and potentially rejected. For smaller, less mature projects, quality may not be a criterion on which contributions are judged. Certainly for any remotely successful or mature project, quality requirements are very high on the list of priorities. Coding standards, testing standards and runtime standards are very often specified explicitly in the project documentation, and contributions can be, and very often are, rejected on the basis of non-compliance.
It is true that in Open Source Software, anyone can contribute. But that does not mean the contribution automatically gets included in the package. That is a decision that only trusted members of a core team can make.
Of course, the notion that closed-source software is inherently secure is nonsense. As the latest vulnerability in the *most* closed software adequately demonstrates.
Posted by Martin P in