Linux 2017: With Great Power Comes Great Responsibility

Steven J. Vaughan-Nichols | ZD Net | January 4, 2017

Linux and open-source software now run the world, and that means we need to work harder than ever to make sure it's trustworthy.

In 2016, Linux turned 25. When it began, it was a student project. Today, Linux runs everything. From smartphones to supercomputers to web servers to clouds to the car, it's all Linux, all the time. Even the one exception, the end-user, is moving to Linux. Android is now the most popular end-user operating system. In addition, Chromebooks are becoming more popular. Indeed, even traditional Linux desktops such as Fedora, openSUSE, Mint, and Ubuntu are finally gaining traction. Heck, my TechRepublic Linux buddy Jack Wallen even predicts that "Linux [desktop] market share will finally breach the 5-percent mark".

Of course, end-users have always used Linux. They just didn't realize that almost all popular websites and many software-as-a-service (SaaS) applications run on Linux. Even Microsoft has finally gotten the Linux religion. I mean, just last year Microsoft joined The Linux Foundation. So with everything going so right with Linux, why am I concerned? Because now every hacker who's really a hacker and not just some script-kiddie is coming after Linux and other open-source code, hunting for vulnerabilities.

True, as open-source leader Eric S. Raymond pointed out years ago in Linus's Law, "Given enough eyeballs all bugs are shallow". This is one of the key concepts that made Linux the success it is today and which empowers open-source software. But it only works if there are enough eyes looking for bugs to fix the code. Estimates of the number of errors per thousand lines of code (KLOC) range from 15 to 50 errors per KLOC, down to three if the code is rigorously checked and tested. The Linux kernel alone now comes to over 16 million lines of code. Do the math...