Open source software is often considered to be secure. One factor in this confidence in the security of open source software lies in leveraging large developer communities to find vulnerabilities in the code. Eric Raymond declares Linus' Law "Given enough eyeballs, all bugs are shallow." Does Linus' Law hold up ad infinitum? Or, can the multitude of developers become "too many cooks in the kitchen", causing the system's security to suffer as a result? In this study, we examine the security of an open source project in the context of developer collaboration. By analyzing version control logs, we quantified notions of Linus' Law as well as the "too many cooks in the kitchen" viewpoint into developer activity metrics. We performed an empirical case study by examining correlations between the known security vulnerabilities in the open source Red Hat Enterprise Linux 4 kernel and developer activity metrics. Files developed by otherwise-independent developer groups were more likely to have a vulnerability, supporting Linus' Law. However, files with changes from nine or more developers were 16 times more likely to have a vulnerability than files changed by fewer than nine developers, indicating that many developers changing code may have a detrimental effect on the system's security.
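As an added illustration (not the study's own tooling or data), the following Python derives the two kinds of developer activity metric the abstract describes from constructed version-control records: the number of distinct developers per file, flagged at the study's threshold of nine, and the number of otherwise-independent developer groups touching a file, taken here as the connected components of the co-editing network once that file itself is set aside (an assumed simplification of the study's network measures).

```python
from collections import defaultdict

# Constructed version-control log records, not data from the study.
# fs_* and net_* are two teams that never co-edit; misc_* share kernel/fork.c;
# kernel/sched.c is touched by one member of each team plus all misc_* devs.
COMMITS: list[tuple[str, list[str]]] = (
    [(f"fs_{i}", ["fs/inode.c", "fs/dcache.c"]) for i in range(3)]
    + [(f"net_{i}", ["net/core.c", "net/sock.c"]) for i in range(3)]
    + [("fs_0", ["kernel/sched.c"]), ("net_0", ["kernel/sched.c"])]
    + [(f"misc_{i}", ["kernel/sched.c", "kernel/fork.c"]) for i in range(7)]
)

def developers_per_file(commits) -> dict[str, set[str]]:
    """Map each file to the set of distinct developers who changed it."""
    devs: dict[str, set[str]] = defaultdict(set)
    for dev, files in commits:
        for path in files:
            devs[path].add(dev)
    return devs

def group_finder(file_devs: dict[str, set[str]], exclude: str):
    """Union-find over developers linked by co-editing any file other than
    `exclude`; returns a function mapping a developer to their group's root."""
    parent: dict[str, str] = {}
    def find(dev: str) -> str:
        parent.setdefault(dev, dev)
        while parent[dev] != dev:
            parent[dev] = parent[parent[dev]]  # path halving
            dev = parent[dev]
        return dev

    for path, devs in file_devs.items():
        if path != exclude:
            first, *rest = devs
            for other in rest:
                parent[find(other)] = find(first)
    return find

def activity_metrics(commits, many_devs: int = 9) -> dict[str, dict]:
    """Per file: distinct developer count, number of otherwise-independent
    developer groups touching it, and a flag at the study's threshold of nine."""
    file_devs = developers_per_file(commits)
    metrics = {}
    for path, devs in file_devs.items():
        find = group_finder(file_devs, exclude=path)  # groups ignoring this file
        metrics[path] = {
            "developers": len(devs),
            "independent_groups": len({find(d) for d in devs}),
            "many_developers": len(devs) >= many_devs,
        }
    return metrics
```

On the constructed sample, kernel/sched.c is the only file flagged on both counts: nine developers drawn from three otherwise-separate groups.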