The open-source way of creating programs is still the best way, just don’t confuse it with being the perfect way — there’s no such thing.
A recent report claims that one of the fundamental benefits of open-source development, the so-called Law of Many Eyes, is wrong. The idea behind the law is that since anyone can read the source code and find problems with it, they can then either fix them or report them back to the community. The end result is that you get better software.
The study, by Fortify Software, a company that makes development tools for checking security, found that many popular open source software programs contain significant security holes. I can’t take this study too seriously. After all, what else is Fortify going to say? “Open-source’s Law of Many Eyes works great. You don’t need our products?” I don’t think so.
Here’s what I think. I think the Law of Many Eyes, or as Eric Raymond phrased it in his seminal work on open source, The Cathedral and the Bazaar, “given enough eyeballs, all bugs are shallow,” does work. All you need do is watch how quickly open-source projects progress and how quickly they fix bugs to know that.