[Discuss] CrowdStrike Fiasco
Kent Borg
kentborg at borg.org
Thu Jul 25 17:25:34 EDT 2024
On 7/25/24 14:13, Rich Pieri wrote:
> First, the aphorism that, "with enough eyes, all bugs are shallow," is
> demonstrably wrong.
It might actually *be* true, were the precondition true, if there
actually *were* there a lot of eyes. But there aren't.
It turns out reading source code is not a major recreation on the
internet, it has hard work. Even when programmers are paid to review
code as part of their jobs, reviews tend to be whether the favored
"design patterns" and "best practices" are being followed. And of
course, whether it is nicely formatted, and only a small code change.
Canonical kxcd cartoon 2347 "Dependency":
https://imgs.xkcd.com/comics/dependency.png
Not only is "some random person in Nebraska" the only one maintaining
that little block that holds up "all modern digital infrastructure",
s/he is the only person looking at that code at all. Since 2003…
-kb
More information about the Discuss
mailing list